We have authentication in place and we allow no unauthenticated operations.
It has to be handled separately if Zeppelin doesn't have configurations yet.
If anyone else has any thoughts reach out.
On Thu., 13 Dec. 2018, 7:23 pm Tushar Kapila What I'm saying is that CORS is not a vulnerability once
What I'm saying is that CORS is not a vulnerability once you have
authentication in place. Cors works only if client respects it. Use a
standalone program like curl or postman or a custom client or even chrome
with security off (
https://stackoverflow.com/questions/17679399/does-disable-web-securit
It's authenticated with LDAP. Am talking about Cross Origin Resource
Sharing issue.
For which there are configuration recommended to harden the https headers.
https://issues.apache.org/jira/plugins/servlet/mobile#issue/ZEPPELIN-245
I have followed the steps here
https://zeppelin.apache.org/docs/0
If it is exposed and you don't want unauthorized users to read or write you
need to add authentication. Apache Shirio or make zeplin port private
(behind firewall) and proxy all requests thru a server that has the
authentication you want.
On Thu, 13 Dec, 2018, 11:12 Tushar Kapila Is your zepli
Is your zeplin exposed to the internet? If not don't see why this should be
an issue if it's behind the firewall?
On Wed, 12 Dec, 2018, 03:57 Bicky Ealias Checking again.. Has anyone got a chance to fix CORS issue on Zeppelin?
>
> On Wed., 5 Dec. 2018, 5:55 pm Bicky Ealias
>> Hello users,
>> Has
Checking again.. Has anyone got a chance to fix CORS issue on Zeppelin?
On Wed., 5 Dec. 2018, 5:55 pm Bicky Ealias Hello users,
> Has anyone succeeded in hardening Zeppelin against CORS vulnerability?
> -- Forwarded message -
>
> *From: *Jeff Zhang
> *Date: *Tuesday, 4 December 2
