[MINOR] Updated shiro.ini.template to include secure cookie option

### What is this PR for?
Based on discussion in https://github.com/apache/zeppelin/pull/2545 , I'm updating the shiro.ini.template to include the secure cookie option. With this change, Zeppelin Shiro will always set the 'HttpOnly' flag in the cookie. This will help to prevent the majority of cross-site scripting (XSS) attacks.

### What type of PR is it?
Minor Improvement

### What is the Jira issue?
Minor change in shiro.ini

### How should this be tested?
CI tests should pass

### Questions:
* Do the license files need an update? No
* Are there breaking changes for older versions? No
* Does this need documentation? Doc changes already done in https://github.com/apache/zeppelin/pull/2545

Author: Vipin Rathor <v.rathor@gmail.com>

Closes #2550 from VipinRathor/fix-shiro-template and squashes the following commits:

6339243 [Vipin Rathor] Commenting out secure flag for Zeppelin cookies in shiro.ini.template Added description as well.
1da09cf [Vipin Rathor] [MINOR] Updated shiro.init.template to include secure cookie option

(cherry picked from commit 2437c8029c1f84460932ec65833ada356c3fc461)
Signed-off-by: Lee moon soo <moon@apache.org>
1 file changed
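
As an added illustration (not code from this commit or from the Zeppelin project), the check below audits a Shiro INI file for the cookie settings the commit message describes: an explicit `httpOnly` flag, and a `secure` flag that stays inactive while commented out. The sample INI is constructed for the example and is not the contents of `shiro.ini.template`; the object name `cookie` and the function `audit_shiro_cookie` are assumptions.

```python
import re

SIMPLE_COOKIE = "org.apache.shiro.web.servlet.SimpleCookie"

def audit_shiro_cookie(ini_text):
    """Report explicit httpOnly/secure settings for each SimpleCookie in [main]."""
    section, objects, props = None, {}, {}
    for raw in ini_text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":   # commented-out settings are inactive
            continue
        m = re.fullmatch(r"\[(\w+)\]", line)
        if m:
            section = m.group(1)
            continue
        if section != "main" or "=" not in line:
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        # "name = Class" defines an object, "name.prop = value" sets a property
        (props if "." in key else objects)[key] = value
    report = {}
    for name, cls in objects.items():
        if cls != SIMPLE_COOKIE:
            continue
        report[name] = {
            "httpOnly": props.get(name + ".httpOnly", "unset").lower(),
            "secure": props.get(name + ".secure", "unset").lower(),
            # the cookie only takes effect once a session manager references it
            "wired": any(k.endswith(".sessionIdCookie") and v == "$" + name
                         for k, v in props.items()),
        }
    return report

# Constructed sample, not the contents of Zeppelin's shiro.ini.template.
SAMPLE = """\
[main]
sessionManager = org.apache.shiro.web.session.mgt.DefaultWebSessionManager
cookie = org.apache.shiro.web.servlet.SimpleCookie
cookie.name = JSESSIONID
cookie.httpOnly = true
# Enable only when the server is reached over HTTPS
#cookie.secure = true
sessionManager.sessionIdCookie = $cookie
securityManager.sessionManager = $sessionManager
[urls]
/** = authc
"""

if __name__ == "__main__":
    for name, flags in audit_shiro_cookie(SAMPLE).items():
        print(name, flags)
```

A `secure` value of `unset` on a deployment served over HTTPS means the session cookie can still be sent over plain HTTP.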
tree: 492987713c8f7b18f8c329e330daa21b3894281d
README.md

Apache Zeppelin

Documentation: User Guide
Mailing Lists: User and Dev mailing list
Continuous Integration: Build Status
Contributing: Contribution Guide
Issue Tracker: Jira
License: Apache 2.0

Zeppelin, a web-based notebook that enables interactive data analytics. You can make beautiful data-driven, interactive and collaborative documents with SQL, Scala and more.

Core features:

  • Web-based notebook-style editor
  • Built-in Apache Spark support

To learn more about Zeppelin, visit our web site: http://zeppelin.apache.org

Getting Started

Install binary package

Please go to the install page to install Apache Zeppelin from the binary package.

Build from source

Please check Build from source to build Zeppelin from source.