Kit Chan created TS-4653:
----------------------------

             Summary: ESI plugin - $HTTP_COOKIE can leak important cookie info unintentionally
                 Key: TS-4653
                 URL: https://issues.apache.org/jira/browse/TS-4653
             Project: Traffic Server
          Issue Type: Bug
          Components: Plugins
            Reporter: Kit Chan

In the ESI spec, we can print out cookie information with $HTTP_COOKIE. This can be problematic and unintentionally print out sensitive info on a web page. We should have a mechanism to disable this by default and allow us to fine-tune it so we can choose to expose this functionality for only the cookie that we allow.
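
The deny-by-default behaviour requested above, sketched as an added example; it is not code from the Traffic Server ESI plugin or from the issue's reporter. The names `parse_cookie_header` and `expand_http_cookie` are hypothetical, the cookie header in the test is constructed, and an empty `key` stands for the whole-header form `$(HTTP_COOKIE)` while a non-empty one stands for `$(HTTP_COOKIE{key})`.

```cpp
#include <set>
#include <string>
#include <utility>
#include <vector>

// Hypothetical helper: split a Cookie request header ("a=1; b=2") into pairs.
static std::vector<std::pair<std::string, std::string>>
parse_cookie_header(const std::string &header)
{
  std::vector<std::pair<std::string, std::string>> out;
  std::string::size_type pos = 0;
  while (pos < header.size()) {
    std::string::size_type end = header.find(';', pos);
    if (end == std::string::npos) end = header.size();
    std::string item = header.substr(pos, end - pos);
    pos = end + 1;
    std::string::size_type first = item.find_first_not_of(" \t");
    if (first == std::string::npos) continue;       // empty segment
    item.erase(0, first);                            // trim leading blanks
    item.erase(item.find_last_not_of(" \t") + 1);    // trim trailing blanks
    std::string::size_type eq = item.find('=');
    if (eq == std::string::npos || eq == 0) continue; // skip malformed pairs
    out.emplace_back(item.substr(0, eq), item.substr(eq + 1));
  }
  return out;
}

// Text to substitute for the cookie variable. Only allowlisted cookie names
// are ever returned; an empty allowlist (the default) exposes nothing.
std::string
expand_http_cookie(const std::string &header, const std::string &key,
                   const std::set<std::string> &allowlist)
{
  std::string result;
  for (const auto &kv : parse_cookie_header(header)) {
    if (allowlist.count(kv.first) == 0) continue; // not allowlisted: drop
    if (!key.empty()) {
      if (kv.first == key) return kv.second;      // single-cookie lookup
      continue;
    }
    if (!result.empty()) result += "; ";          // whole-header form:
    result += kv.first + "=" + kv.second;         // rebuild from allowed pairs
  }
  return result;
}
```

Filtering the whole-header form as well as the keyed form matters, because otherwise a template that prints the full variable would still emit cookies that are not on the allowlist.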