[jira] [Updated] (HBASE-28367) Backport "HBASE-27811 Enable cache control for logs endpoint and set max age as 0" to branch-2

Nihal Jain (Jira) Sun, 18 Feb 2024 11:47:45 -0800


     [ 
https://issues.apache.org/jira/browse/HBASE-28367?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Nihal Jain updated HBASE-28367:
-------------------------------
    Resolution: Fixed
        Status: Resolved  (was: Patch Available)

> Backport "HBASE-27811  Enable cache control for logs endpoint and set max age 
> as 0" to branch-2
> -----------------------------------------------------------------------------------------------
>
>                 Key: HBASE-28367
>                 URL: https://issues.apache.org/jira/browse/HBASE-28367
>             Project: HBase
>          Issue Type: Improvement
>            Reporter: Yash Dodeja
>            Assignee: Nihal Jain
>            Priority: Minor
>              Labels: pull-request-available
>             Fix For: 2.6.0, 2.7.0
>
>
> Not setting the proper header values may cause browsers to store pages within 
> their respective caches. On public, shared, or any other non-private 
> computers, a malicious person may search through the browser cache to locate 
> sensitive information cached during another user's session.
> /logs endpoint contains sensitive information that an attacker can exploit.
> Any page with sensitive information needs to have the following headers in 
> response:
> Cache-Control: no-cache, no-store, max-age=0
> Pragma: no-cache
> Expires: -1



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

[jira] [Updated] (HBASE-28367) Backport "HBASE-27811 Enable cache control for logs endpoint and set max age as 0" to branch-2

Reply via email to