[dashboard] Cacheable SSL Page Found
Bug #1446701 reported by
Mark Vanderwiel
This bug affects 1 person
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack + Chef |
Fix Released
|
Medium
|
Ma Wen Cheng |
Bug Description
Allowing ssl pages to be cached by default is a security vulnerability.
Need to add the following to dash site config prevent the caching:
SetEnvIfExpr "req('accept') =˜ /html/" NO_CACHE
Header merge Cache-Control no-cache env=NO_CACHE
Header merge Cache-Control no-store env=NO_CACHE
Changed in openstack-chef: | |
assignee: | Mark Vanderwiel (vanderwl) → Ma Wen Cheng (mars914) |
To post a comment you must log in.
Fix proposed to branch: master /review. openstack. org/175934
Review: https:/