Yash Dodeja created HBASE-27811:
-----------------------------------
Summary: Enable cache control for logs endpoint and set max age as 0
Key: HBASE-27811
URL: https://issues.apache.org/jira/browse/HBASE-27811
Project: HBase
Issue Type: Improvement
Reporter: Yash Dodeja
Assignee: Yash Dodeja
Not setting the proper header values may cause browsers to store pages within
their respective caches. On public, shared, or any other non-private computers,
a malicious person may search through the browser cache to locate sensitive
information cached during another user's session.
/logs endpoint contains sensitive information that an attacker can exploit.
Any page with sensitive information needs to have the following headers in
response:
Cache-Control: no-cache, no-store, max-age=0
Pragma: no-cache
Expires: -1
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
