Revert "HBase Thrift HTTP - Shouldn't handle TRACE/OPTIONS methods"

This reverts commit 05f8e94191.

missing jira key

hbase-http/src/test/java/org/apache/hadoop/hbase/http/TestHttpServer.java

@@ -605,6 +605,8 @@ public class TestHttpServer extends HttpServerFunctionalTest {
     myServer.stop();
   }
 
+
+
   @Test
   public void testNoCacheHeader() throws Exception {
     URL url = new URL(baseUrl, "/echo?a=b&c=d");
@@ -617,15 +619,4 @@ public class TestHttpServer extends HttpServerFunctionalTest {
     assertEquals(conn.getHeaderField("Expires"), conn.getHeaderField("Date"));
     assertEquals("DENY", conn.getHeaderField("X-Frame-Options"));
   }
-
-  @Test
-  public void testHttpMethods() throws Exception {
-    // HTTP TRACE method should be disabled for security
-    // See https://www.owasp.org/index.php/Cross_Site_Tracing
-    URL url = new URL(baseUrl, "/echo?a=b");
-    HttpURLConnection conn = (HttpURLConnection) url.openConnection();
-    conn.setRequestMethod("TRACE");
-    conn.connect();
-    assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
-  }
 }

hbase-thrift/src/main/java/org/apache/hadoop/hbase/thrift/ThriftServerRunner.java

@@ -79,7 +79,6 @@ import org.apache.hadoop.hbase.filter.Filter;
 import org.apache.hadoop.hbase.filter.ParseFilter;
 import org.apache.hadoop.hbase.filter.PrefixFilter;
 import org.apache.hadoop.hbase.filter.WhileMatchFilter;
-import org.apache.hadoop.hbase.http.HttpServerUtil;
 import org.apache.hadoop.hbase.log.HBaseMarkers;
 import org.apache.hadoop.hbase.security.SaslUtil;
 import org.apache.hadoop.hbase.security.SaslUtil.QualityOfProtection;
@@ -446,7 +445,6 @@ public class ThriftServerRunner implements Runnable {
     // Context handler
     ServletContextHandler ctxHandler = new ServletContextHandler(httpServer, "/", ServletContextHandler.SESSIONS);
     ctxHandler.addServlet(new ServletHolder(thriftHttpServlet), "/*");
-    HttpServerUtil.constrainHttpMethods(ctxHandler);
 
     // set up Jetty and run the embedded server
     HttpConfiguration httpConfig = new HttpConfiguration();

hbase-thrift/src/test/java/org/apache/hadoop/hbase/thrift/TestThriftHttpServer.java

@@ -21,8 +21,6 @@ import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.fail;
 
-import java.net.HttpURLConnection;
-import java.net.URL;
 import java.util.ArrayList;
 import java.util.List;
 import org.apache.hadoop.conf.Configuration;
@@ -40,7 +38,6 @@ import org.apache.thrift.protocol.TProtocol;
 import org.apache.thrift.transport.THttpClient;
 import org.apache.thrift.transport.TTransportException;
 import org.junit.AfterClass;
-import org.junit.Assert;
 import org.junit.BeforeClass;
 import org.junit.ClassRule;
 import org.junit.Rule;
@@ -174,10 +171,8 @@ public class TestThriftHttpServer {
       Thread.sleep(100);
     }
 
-    String url = "http://"+ HConstants.LOCALHOST + ":" + port;
     try {
-      checkHttpMethods(url);
-      talkToThriftServer(url, customHeaderSize);
+      talkToThriftServer(customHeaderSize);
     } catch (Exception ex) {
       clientSideException = ex;
     } finally {
@@ -194,19 +189,11 @@ public class TestThriftHttpServer {
     }
   }
 
-  private void checkHttpMethods(String url) throws Exception {
-    // HTTP TRACE method should be disabled for security
-    // See https://www.owasp.org/index.php/Cross_Site_Tracing
-    HttpURLConnection conn = (HttpURLConnection) new URL(url).openConnection();
-    conn.setRequestMethod("TRACE");
-    conn.connect();
-    Assert.assertEquals(HttpURLConnection.HTTP_FORBIDDEN, conn.getResponseCode());
-  }
-
   private static volatile boolean tableCreated = false;
 
-  private void talkToThriftServer(String url, int customHeaderSize) throws Exception {
-    THttpClient httpClient = new THttpClient(url);
+  private void talkToThriftServer(int customHeaderSize) throws Exception {
+    THttpClient httpClient = new THttpClient(
+        "http://"+ HConstants.LOCALHOST + ":" + port);
     httpClient.open();
 
     if (customHeaderSize > 0) {