[jira] [Updated] (HBASE-27811) Enable cache control for logs endpoint and set max age as 0

Wellington Chevreuil (Jira) Wed, 26 Apr 2023 02:21:04 -0700


     [ 
https://issues.apache.org/jira/browse/HBASE-27811?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Wellington Chevreuil updated HBASE-27811:
-----------------------------------------
    Priority: Minor  (was: Major)

> Enable cache control for logs endpoint and set max age as 0
> -----------------------------------------------------------
>
>                 Key: HBASE-27811
>                 URL: https://issues.apache.org/jira/browse/HBASE-27811
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Yash Dodeja
>            Assignee: Yash Dodeja
>            Priority: Minor
>
> Not setting the proper header values may cause browsers to store pages within 
> their respective caches. On public, shared, or any other non-private 
> computers, a malicious person may search through the browser cache to locate 
> sensitive information cached during another user's session.
> /logs endpoint contains sensitive information that an attacker can exploit.
> Any page with sensitive information needs to have the following headers in 
> response:
> Cache-Control: no-cache, no-store, max-age=0
> Pragma: no-cache
> Expires: -1



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (HBASE-27811) Enable cache control for logs endpoint and set max age as 0

Reply via email to