Nihal Jain created HBASE-28367:
----------------------------------
Summary: Backport "HBASE-27811 Enable cache control for logs
endpoint and set max age as 0" to branch-2
Key: HBASE-28367
URL: https://issues.apache.org/jira/browse/HBASE-28367
Project: HBase
Issue Type: Improvement
Reporter: Yash Dodeja
Assignee: Yash Dodeja
Fix For: 3.0.0-alpha-4
Not setting the proper header values may cause browsers to store pages within
their respective caches. On public, shared, or any other non-private computers,
a malicious person may search through the browser cache to locate sensitive
information cached during another user's session.
/logs endpoint contains sensitive information that an attacker can exploit.
Any page with sensitive information needs to have the following headers in
response:
Cache-Control: no-cache, no-store, max-age=0
Pragma: no-cache
Expires: -1
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
