HDFS-17591. RBF: Router should follow X-FRAME-OPTIONS protection sett…

…ing (#6963)
apache · Jul 30, 2024 · 059e996 · 059e996
1 parent 038636a
commit 059e996
Show file tree

Hide file tree

Showing 2 changed files with 76 additions and 0 deletions.
diff --git a/...s-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterHttpServer.java b/...s-rbf/src/main/java/org/apache/hadoop/hdfs/server/federation/router/RouterHttpServer.java
@@ -20,6 +20,7 @@
 import java.net.InetSocketAddress;
 
 import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hdfs.DFSConfigKeys;
 import org.apache.hadoop.hdfs.DFSUtil;
 import org.apache.hadoop.hdfs.server.common.JspHelper;
 import org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer;
@@ -86,6 +87,16 @@ protected void serviceStart() throws Exception {
         RBFConfigKeys.DFS_ROUTER_KERBEROS_INTERNAL_SPNEGO_PRINCIPAL_KEY,
         RBFConfigKeys.DFS_ROUTER_KEYTAB_FILE_KEY);
 
+    final boolean xFrameEnabled = conf.getBoolean(
+        DFSConfigKeys.DFS_XFRAME_OPTION_ENABLED,
+        DFSConfigKeys.DFS_XFRAME_OPTION_ENABLED_DEFAULT);
+
+    final String xFrameOptionValue = conf.getTrimmed(
+        DFSConfigKeys.DFS_XFRAME_OPTION_VALUE,
+        DFSConfigKeys.DFS_XFRAME_OPTION_VALUE_DEFAULT);
+
+    builder.configureXFrame(xFrameEnabled).setXFrameOption(xFrameOptionValue);
+
     this.httpServer = builder.build();
 
     NameNodeHttpServer.initWebHdfs(conf, httpServer,

diff --git a/...test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterHttpServerXFrame.java b/...test/java/org/apache/hadoop/hdfs/server/federation/router/TestRouterHttpServerXFrame.java
@@ -0,0 +1,65 @@
+/**
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with this
+ * work for additional information regarding copyright ownership.  The ASF
+ * licenses this file to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * <p>
+ * http://www.apache.org/licenses/LICENSE-2.0
+ * <p>
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations under
+ * the License.
+ */
+
+package org.apache.hadoop.hdfs.server.federation.router;
+
+import java.io.IOException;
+import java.net.HttpURLConnection;
+import java.net.InetSocketAddress;
+import java.net.URI;
+import java.net.URL;
+
+import org.junit.Assert;
+import org.junit.Test;
+
+import org.apache.hadoop.conf.Configuration;
+import org.apache.hadoop.hdfs.DFSConfigKeys;
+import org.apache.hadoop.hdfs.HdfsConfiguration;
+
+import static org.apache.hadoop.http.HttpServer2.XFrameOption.SAMEORIGIN;
+
+/**
+ * A class to test the XFrame options of Router HTTP Server.
+ */
+public class TestRouterHttpServerXFrame {
+
+  @Test
+  public void testRouterXFrame() throws IOException {
+    Configuration conf = new HdfsConfiguration();
+    conf.setBoolean(DFSConfigKeys.DFS_XFRAME_OPTION_ENABLED, true);
+    conf.set(DFSConfigKeys.DFS_XFRAME_OPTION_VALUE, SAMEORIGIN.toString());
+
+    Router router = new Router();
+    try {
+      router.init(conf);
+      router.start();
+
+      InetSocketAddress httpAddress = router.getHttpServerAddress();
+      URL url =
+          URI.create("http://" + httpAddress.getHostName() + ":" + httpAddress.getPort()).toURL();
+      HttpURLConnection conn = (HttpURLConnection) url.openConnection();
+      conn.connect();
+
+      String xfoHeader = conn.getHeaderField("X-FRAME-OPTIONS");
+      Assert.assertNotNull("X-FRAME-OPTIONS is absent in the header", xfoHeader);
+      Assert.assertTrue(xfoHeader.endsWith(SAMEORIGIN.toString()));
+    } finally {
+      router.stop();
+      router.close();
+    }
+  }
+}