[jboss-jira] [JBoss JIRA] (WFCORE-616) Ensure end users cannot set the ""execute-for-coordinator" operation header via the HTTP interface
Brian Stansberry (JIRA)
issues at jboss.org
Fri Mar 10 14:41:00 EST 2017
[ https://issues.jboss.org/browse/WFCORE-616?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brian Stansberry resolved WFCORE-616.
-------------------------------------
Resolution: Out of Date
Looks like the WFCORE-401 work corrected that
> Ensure end users cannot set the ""execute-for-coordinator" operation header via the HTTP interface
> --------------------------------------------------------------------------------------------------
>
> Key: WFCORE-616
> URL: https://issues.jboss.org/browse/WFCORE-616
> Project: WildFly Core
> Issue Type: Task
> Components: Domain Management
> Affects Versions: 1.0.0.Alpha19
> Reporter: Brian Stansberry
>
> The "execute-for-coordinator" header is used internally in domain-wide operation execution to indicate that a call is being made on behalf of the DC. End users should not be able to use it.
> Client calls that go through the native handling (including HTTP upgrade) have any such header stripped by ModelControllerClientOperationHandler.ExecuteRequestHandler. We need to do the same thing in the domain-http code for non-upgrade HTTP calls.
--
This message was sent by Atlassian JIRA
(v7.2.3#72005)
More information about the jboss-jira
mailing list