Brian Stansberry created WFCORE-616:
---------------------------------------
Summary: Ensure end users cannot set the
""execute-for-coordinator" operation header via the HTTP interface
Key: WFCORE-616
URL:
https://issues.jboss.org/browse/WFCORE-616
Project: WildFly Core
Issue Type: Task
Components: Domain Management
Affects Versions: 1.0.0.Alpha19
Reporter: Brian Stansberry
The "execute-for-coordinator" header is used internally in domain-wide operation
execution to indicate that a call is being made on behalf of the DC. End users should not
be able to use it.
Client calls that go through the native handling (including HTTP upgrade) have any such
header stripped by ModelControllerClientOperationHandler.ExecuteRequestHandler. We need to
do the same thing in the domain-http code for non-upgrade HTTP calls.
--
This message was sent by Atlassian JIRA
(v6.3.11#6341)