Kit Chan created TS-4653:
----------------------------

             Summary: ESI plugin - $HTTP_COOKIE can leak important cookie info unintentionally
                 Key: TS-4653
                 URL: https://issues.apache.org/jira/browse/TS-4653
             Project: Traffic Server
          Issue Type: Bug
          Components: Plugins
            Reporter: Kit Chan


In the ESI spec, we can print out cookie information with $HTTP_COOKIE. This 
can be problematic and unintentionally print out sensitive info on a web page.

We should have a mechanism to disable this by default and allow us to fine-tune 
it so we can choose to expose this functionality for only the cookies that we 
allow.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
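
One way to implement the default-deny, per-cookie allowlist the report asks for, as an added example that is not code from the ESI plugin or from the reporter. The `CookieAllowlist` type, the function names and the sample header are assumptions made for illustration; the example covers both the `$(HTTP_COOKIE{name})` lookup and the bare `$(HTTP_COOKIE)` form.

```cpp
#include <iostream>
#include <map>
#include <set>
#include <sstream>
#include <string>

// Hypothetical policy: names of cookies that ESI markup may read.
// Empty by default, so nothing is exposed unless an operator opts in.
using CookieAllowlist = std::set<std::string>;

// Parse a Cookie request header ("a=1; b=2") into name/value pairs.
std::map<std::string, std::string> parse_cookie_header(const std::string &header) {
  std::map<std::string, std::string> jar;
  std::istringstream in(header);
  std::string pair;
  while (std::getline(in, pair, ';')) {
    size_t start = pair.find_first_not_of(" \t");
    size_t eq = pair.find('=');
    if (start == std::string::npos || eq == std::string::npos || eq <= start) continue;
    jar[pair.substr(start, eq - start)] = pair.substr(eq + 1);
  }
  return jar;
}

// Value for $(HTTP_COOKIE{name}): empty unless the name is allowlisted.
std::string cookie_value(const std::string &header, const std::string &name,
                         const CookieAllowlist &allowed) {
  if (!allowed.count(name)) return "";
  auto jar = parse_cookie_header(header);
  auto it = jar.find(name);
  return it == jar.end() ? "" : it->second;
}

// Value for bare $(HTTP_COOKIE): only allowlisted pairs, re-serialized.
std::string cookie_all(const std::string &header, const CookieAllowlist &allowed) {
  std::string out;
  for (const auto &kv : parse_cookie_header(header)) {
    if (!allowed.count(kv.first)) continue;
    if (!out.empty()) out += "; ";
    out += kv.first + "=" + kv.second;
  }
  return out;
}

int main() {
  const std::string header = "session_id=s3cr3t; lang=en; theme=dark"; // constructed sample
  std::cout << cookie_all(header, {"lang", "theme"}) << "\n";
}
```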