Akshay Sudheer created HBASE-25403:
--------------------------------------

             Summary: Cookie and Referrer policy vulnerabilities reported by scanner tool
                 Key: HBASE-25403
                 URL: https://issues.apache.org/jira/browse/HBASE-25403
             Project: HBase
          Issue Type: Bug
          Components: REST
            Reporter: Akshay Sudheer

Vulnerability scanner has reported the following:

1. Cookies with missing, inconsistent or contradictory properties
   i) Cookie without SameSite attribute
   Remediation: To ensure that the cookie configuration complies with the applicable standards, set the Same-Site attribute on the Set-Cookie (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie) HTTP response header.
   Plan: Make Same-Site configurable.

2. Insecure Referrer Policy
   Remediation: Consider setting the Referrer-Policy header to 'strict-origin-when-cross-origin' or a stricter value.
   Plan: Make the Referrer-Policy header configurable.

--
This message was sent by Atlassian Jira
(v8.3.4#803005)
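
An added example, not part of the original issue or the HBase code base: a Python check that audits a response's headers for the two findings reported above, usable to confirm a configured fix. The header samples and cookie names are constructed, and treating the four listed values as "strict-origin-when-cross-origin or stricter" is an assumption of this example.

```python
# Assumption: these four values count as 'strict-origin-when-cross-origin' or stricter.
ACCEPTABLE = {"no-referrer", "same-origin", "strict-origin",
              "strict-origin-when-cross-origin"}
KNOWN = ACCEPTABLE | {"no-referrer-when-downgrade", "origin",
                      "origin-when-cross-origin", "unsafe-url"}

def parse_headers(raw):
    """Split a raw header block into (lowercased name, value) pairs."""
    pairs = []
    for line in raw.strip().splitlines():
        name, sep, value = line.partition(":")
        if sep:  # the status line has no colon and is skipped
            pairs.append((name.strip().lower(), value.strip()))
    return pairs

def audit(raw):
    """Return a list of findings for cookie SameSite and Referrer-Policy."""
    findings, headers = [], parse_headers(raw)
    for name, value in headers:
        if name != "set-cookie":
            continue
        parts = [p.strip() for p in value.split(";")]
        cookie = parts[0].split("=", 1)[0]
        attrs = {}
        for part in parts[1:]:
            key, _, val = part.partition("=")
            attrs[key.strip().lower()] = val.strip().lower()
        samesite = attrs.get("samesite")
        if samesite is None:
            findings.append(f"{cookie}: missing SameSite")
        elif samesite not in ("strict", "lax", "none"):
            findings.append(f"{cookie}: invalid SameSite={samesite}")
        elif samesite == "none" and "secure" not in attrs:
            # Contradictory: browsers reject SameSite=None without Secure.
            findings.append(f"{cookie}: SameSite=None without Secure")
    tokens = [t.strip().lower() for n, v in headers
              if n == "referrer-policy" for t in v.split(",")]
    # With a fallback list, the last recognized value is the effective one.
    effective = next((t for t in reversed(tokens) if t in KNOWN), None)
    if effective is None:
        findings.append("Referrer-Policy: missing or unrecognized")
    elif effective not in ACCEPTABLE:
        findings.append(f"Referrer-Policy: weak value {effective}")
    return findings

# Constructed sample responses (not captured from HBase REST).
BEFORE = """HTTP/1.1 200 OK
Set-Cookie: session=abc123; Path=/; HttpOnly
Set-Cookie: prefs=x; SameSite=None
Referrer-Policy: unsafe-url"""
AFTER = """HTTP/1.1 200 OK
Set-Cookie: session=abc123; Path=/; HttpOnly; Secure; SameSite=Strict
Referrer-Policy: no-referrer, strict-origin-when-cross-origin"""
```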