[ https://issues.apache.org/jira/browse/TS-4653?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Work on TS-4653 started by Kit Chan.
------------------------------------
> ESI plugin - $HTTP_COOKIE can leak important cookie info unintentionally
> ------------------------------------------------------------------------
>
> Key: TS-4653
> URL: https://issues.apache.org/jira/browse/TS-4653
> Project: Traffic Server
> Issue Type: Bug
> Components: Plugins
> Reporter: Kit Chan
> Assignee: Kit Chan
> Fix For: 7.0.0
>
>
> In the ESI spec, we can print out cookie information with $HTTP_COOKIE. This
> can be problematic and unintentionally print out sensitive info on a web page.
> We should have a mechanism to disable this by default and allow us to fine tune
> it so we can choose to expose this functionality for only the cookie that we
> allow
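
As an added example (not part of the JIRA message and not Traffic Server's ESI plugin code), this is one way the default-off, allowlist-based expansion requested in the issue could behave. The function names and the `allow` parameter are hypothetical; `$(HTTP_COOKIE{name})` is the ESI spec's form for a single cookie.

```cpp
// Added example, not Traffic Server code; names and the allowlist are hypothetical.
#include <map>
#include <set>
#include <string>

// Parse a Cookie request header ("a=1; b=2") into name -> value.
std::map<std::string, std::string> parse_cookies(const std::string &header) {
  std::map<std::string, std::string> out;
  for (std::size_t pos = 0; pos < header.size();) {
    std::size_t end = header.find(';', pos);
    if (end == std::string::npos) end = header.size();
    std::string pair = header.substr(pos, end - pos);
    std::size_t start = pair.find_first_not_of(" \t");
    std::size_t eq = pair.find('=');
    if (start != std::string::npos && eq != std::string::npos && eq > start)
      out[pair.substr(start, eq - start)] = pair.substr(eq + 1);
    pos = end + 1;
  }
  return out;
}

// Expand $(HTTP_COOKIE) and $(HTTP_COOKIE{name}) in an ESI fragment. Only cookies
// named in `allow` are emitted; the default empty allowlist expands both to "".
std::string expand_cookie_vars(const std::string &body, const std::string &cookie_header,
                               const std::set<std::string> &allow = {}) {
  const std::string key = "$(HTTP_COOKIE";
  const std::map<std::string, std::string> cookies = parse_cookies(cookie_header);
  std::string out;
  std::size_t pos = 0, hit;
  while ((hit = body.find(key, pos)) != std::string::npos) {
    std::size_t after = hit + key.size();
    std::size_t close = body.find(')', after);
    if (close == std::string::npos) break; // unterminated: copy the rest verbatim
    out.append(body, pos, hit - pos);
    std::string sub = body.substr(after, close - after); // "" or "{name}"
    if (sub.empty()) { // whole header requested: re-serialize allowed cookies only
      std::string joined;
      for (const auto &c : cookies)
        if (allow.count(c.first)) joined += (joined.empty() ? "" : "; ") + c.first + "=" + c.second;
      out += joined;
    } else if (sub.size() > 2 && sub.front() == '{' && sub.back() == '}') {
      auto it = cookies.find(sub.substr(1, sub.size() - 2));
      if (it != cookies.end() && allow.count(it->first)) out += it->second;
    } // any other suffix is malformed and expands to nothing (fail closed)
    pos = close + 1;
  }
  out.append(body, pos, std::string::npos);
  return out;
}
```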