[ https://issues.apache.org/jira/browse/TS-4653?focusedWorklogId=25751&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-25751 ]
ASF GitHub Bot logged work on TS-4653: -------------------------------------- Author: ASF GitHub Bot Created on: 20/Jul/16 13:47 Start Date: 20/Jul/16 13:47 Worklog Time Spent: 10m Work Description: Github user atsci commented on the issue: https://github.com/apache/trafficserver/pull/798 Linux build *failed*! See https://ci.trafficserver.apache.org/job/Github-Linux/353/ for details. Issue Time Tracking ------------------- Worklog Id: (was: 25751) Time Spent: 4h 20m (was: 4h 10m) > ESI plugin - $HTTP_COOKIE can leak important cookie info unintentionally > ------------------------------------------------------------------------ > > Key: TS-4653 > URL: https://issues.apache.org/jira/browse/TS-4653 > Project: Traffic Server > Issue Type: Bug > Components: Plugins > Reporter: Kit Chan > Assignee: Kit Chan > Fix For: 7.0.0 > > Time Spent: 4h 20m > Remaining Estimate: 0h > > In the ESI spec, we can print out cookie information with $HTTP_COOKIE. This > can be problematic and unintentionally print out sensitive info on a web page. > We should have mechanism to disable this by default and allow us to fine tune > it so we can choose to expose this functionality for only the cookie that we > allow -- This message was sent by Atlassian JIRA (v6.3.4#6332)