[ https://issues.apache.org/jira/browse/TS-4653?focusedWorklogId=25506&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-25506 ]

ASF GitHub Bot logged work on TS-4653:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 15/Jul/16 09:23
            Start Date: 15/Jul/16 09:23
    Worklog Time Spent: 10m
      Work Description: Github user atsci commented on the issue:

    https://github.com/apache/trafficserver/pull/798

    Linux build *successful*! See https://ci.trafficserver.apache.org/job/Github-Linux/324/ for details.

Issue Time Tracking
-------------------

    Worklog Id:     (was: 25506)
    Time Spent: 2h 10m  (was: 2h)

> ESI plugin - $HTTP_COOKIE can leak important cookie info unintentionally
> ------------------------------------------------------------------------
>
>                 Key: TS-4653
>                 URL: https://issues.apache.org/jira/browse/TS-4653
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Plugins
>            Reporter: Kit Chan
>            Assignee: Kit Chan
>             Fix For: 7.0.0
>
>          Time Spent: 2h 10m
>  Remaining Estimate: 0h
>
> In the ESI spec, we can print out cookie information with $HTTP_COOKIE. This
> can be problematic and unintentionally print out sensitive info on a web page.
> We should have a mechanism to disable this by default and allow us to fine tune
> it so we can choose to expose this functionality for only the cookie that we
> allow.

--
This message was sent by Atlassian JIRA
(v6.3.4#6332)