[jira] [Work logged] (TS-4653) ESI plugin - $HTTP_COOKIE can leak important cookie info unintentionally

ASF GitHub Bot (JIRA) Wed, 20 Jul 2016 06:49:50 -0700

     [ 
https://issues.apache.org/jira/browse/TS-4653?focusedWorklogId=25752&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-25752
 ]


ASF GitHub Bot logged work on TS-4653:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 20/Jul/16 13:48
            Start Date: 20/Jul/16 13:48
    Worklog Time Spent: 10m 
      Work Description: Github user atsci commented on the issue:

    https://github.com/apache/trafficserver/pull/798
  
    FreeBSD build *successful*! See 
https://ci.trafficserver.apache.org/job/Github-FreeBSD/457/ for details.
     



Issue Time Tracking
-------------------

    Worklog Id:     (was: 25752)
    Time Spent: 4.5h  (was: 4h 20m)

> ESI plugin - $HTTP_COOKIE can leak important cookie info unintentionally
> ------------------------------------------------------------------------
>
>                 Key: TS-4653
>                 URL: https://issues.apache.org/jira/browse/TS-4653
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: Plugins
>            Reporter: Kit Chan
>            Assignee: Kit Chan
>             Fix For: 7.0.0
>
>          Time Spent: 4.5h
>  Remaining Estimate: 0h
>
> In the ESI spec, we can print out cookie information with $HTTP_COOKIE. This 
> can be problematic and unintentionally print out sensitive info on a web page.
> We should have mechanism to disable this by default and allow us to fine tune 
> it so we can choose to expose this functionality for only the cookie that we 
> allow 



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Work logged] (TS-4653) ESI plugin - $HTTP_COOKIE can leak important cookie info unintentionally

Reply via email to