[
https://issues.apache.org/jira/browse/TS-4653?focusedWorklogId=25482&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-25482
]
ASF GitHub Bot logged work on TS-4653:
--------------------------------------
Author: ASF GitHub Bot
Created on: 14/Jul/16 13:00
Start Date: 14/Jul/16 13:00
Worklog Time Spent: 10m
Work Description: Github user struct commented on the issue:
https://github.com/apache/trafficserver/pull/798
Looks like this version of the patch leaves out wildcard support
https://github.com/apache/trafficserver/pull/798/files#diff-a6bc69fbcc52f7fff04507b2a650ac4fR370
I think its sane to support that functionality as long as its not the default
Issue Time Tracking
-------------------
Worklog Id: (was: 25482)
Time Spent: 1h 20m (was: 1h 10m)
> ESI plugin - $HTTP_COOKIE can leak important cookie info unintentionally
> ------------------------------------------------------------------------
>
> Key: TS-4653
> URL: https://issues.apache.org/jira/browse/TS-4653
> Project: Traffic Server
> Issue Type: Bug
> Components: Plugins
> Reporter: Kit Chan
> Assignee: Kit Chan
> Fix For: 7.0.0
>
> Time Spent: 1h 20m
> Remaining Estimate: 0h
>
> In the ESI spec, we can print out cookie information with $HTTP_COOKIE. This
> can be problematic and unintentionally print out sensitive info on a web page.
> We should have mechanism to disable this by default and allow us to fine tune
> it so we can choose to expose this functionality for only the cookie that we
> allow
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
