[
https://issues.apache.org/jira/browse/FLINK-31020?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17689172#comment-17689172
]
Wencong Liu commented on FLINK-31020:
-------------------------------------
Thanks [~omkardeshpande8] for the proposal! I think it is a tricky behavior to
only allow GET operations. We cannot guarantee that REST APIs other than
submit/cancel/modify do not use POST/PUT operations on the web UI. If you think
it's unsafe, you can disable the rest server.
> Read-only mode for Rest API
> ---------------------------
>
> Key: FLINK-31020
> URL: https://issues.apache.org/jira/browse/FLINK-31020
> Project: Flink
> Issue Type: New Feature
> Components: Runtime / REST
> Affects Versions: 1.16.1
> Reporter: Omkar Deshpande
> Priority: Major
>
> We run Flink jobs on application cluster on Kubernetes. We don't
> submit/cancel or modify jobs from rest API or web UI. If there was an option
> to enable only GET operations on the rest service, it would greatly solve the
> problem of configuring access control and reduce the attack surface.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
