[jira] [Updated] (KAFKA-13240) HTTP TRACE should be disabled in Connect

Viktor Somogyi-Vass (Jira) Thu, 28 Apr 2022 07:11:05 -0700


     [ 
https://issues.apache.org/jira/browse/KAFKA-13240?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Viktor Somogyi-Vass updated KAFKA-13240:
----------------------------------------
    Labels: cloudera  (was: )

> HTTP TRACE should be disabled in Connect
> ----------------------------------------
>
>                 Key: KAFKA-13240
>                 URL: https://issues.apache.org/jira/browse/KAFKA-13240
>             Project: Kafka
>          Issue Type: Improvement
>          Components: KafkaConnect
>            Reporter: Viktor Somogyi-Vass
>            Assignee: Viktor Somogyi-Vass
>            Priority: Minor
>              Labels: cloudera
>
> Modern browsers mostly disable HTTP TRACE to prevent XST (cross-site 
> tracking) attacks.  Because of this usually this type of attack isn't too 
> prevalent these days but since it isn't disabled in Connect it may open up 
> possible ways of attacks (and constantly pops up in security scans :) ). 
> Therefore we'd like to disable it.



--
This message was sent by Atlassian Jira
(v8.20.7#820007)

[jira] [Updated] (KAFKA-13240) HTTP TRACE should be disabled in Connect

Reply via email to