  1. HBase
  2. HBASE-27811

Enable cache control for logs endpoint and set max age as 0

Details

    • Improvement
    • Status: Resolved
    • Minor
    • Resolution: Fixed
    • None
    • 3.0.0-alpha-4
    • None
    • None
    • Reviewed

    Description

      Not setting the proper header values may cause browsers to store pages within their respective caches. On public, shared, or any other non-private computers, a malicious person may search through the browser cache to locate sensitive information cached during another user's session.

      The /logs endpoint contains sensitive information that an attacker can exploit.

      Any page with sensitive information needs to have the following headers in response:
      Cache-Control: no-cache, no-store, max-age=0
      Pragma: no-cache
      Expires: -1
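
A way to verify the header set listed above on a response from a sensitive endpoint. This is an added example, not code from the HBase patch; the function names and the sample header blocks are constructed for illustration. It generalizes slightly beyond the issue text: repeated `Cache-Control` lines are merged, and any `Expires` value that is invalid (such as `-1`) or in the past is accepted as already expired.

```python
from datetime import datetime, timezone
from email.parser import Parser
from email.utils import parsedate_to_datetime

def parse_cache_control(value):
    """Split a Cache-Control value into {directive: argument-or-None}, lowercased."""
    out = {}
    for part in value.split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            out[name.strip().lower()] = arg.strip().strip('"') or None
    return out

def expires_is_stale(value, now):
    """True when Expires is unparseable (e.g. "-1") or not in the future."""
    try:
        when = parsedate_to_datetime(value)
    except (TypeError, ValueError):
        return True  # caches treat an invalid date as already expired
    if when.tzinfo is None:
        when = when.replace(tzinfo=timezone.utc)
    return when <= now

def audit_cache_headers(raw_headers, now=None):
    """Return findings for a block of header lines; an empty list means compliant."""
    now = now or datetime.now(timezone.utc)
    msg = Parser().parsestr(raw_headers, headersonly=True)
    findings = []
    # A header may appear more than once; merge all values before checking.
    cc = parse_cache_control(",".join(msg.get_all("Cache-Control", [])))
    for directive in ("no-cache", "no-store"):
        if directive not in cc:
            findings.append(f"Cache-Control missing {directive}")
    if cc.get("max-age") != "0":
        findings.append("Cache-Control max-age is not 0")
    pragma = ",".join(msg.get_all("Pragma", [])).lower()
    if "no-cache" not in [p.strip() for p in pragma.split(",")]:
        findings.append("Pragma missing no-cache")
    expires = msg.get("Expires")
    if expires is None or not expires_is_stale(expires.strip(), now):
        findings.append("Expires missing or in the future")
    return findings

# Constructed sample header blocks (not captured from an HBase server).
UNSAFE = "Content-Type: text/html\nCache-Control: max-age=3600\n"
SAFE = ("Content-Type: text/html\n"
        "Cache-Control: no-cache, no-store, max-age=0\n"
        "Pragma: no-cache\nExpires: -1\n")
```

Pass only the header lines of a response (without the HTTP status line) to `audit_cache_headers`.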

            People

              yashdodeja Yash Dodeja