You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@hbase.apache.org by "Akshay Sudheer (Jira)" <ji...@apache.org> on 2020/12/16 17:03:00 UTC

[jira] [Created] (HBASE-25403) Cookie and Referrer policy vulnerabilities reported by scanner tool

Akshay Sudheer created HBASE-25403:
--------------------------------------

             Summary: Cookie and Referrer policy vulnerabilities reported by scanner tool
                 Key: HBASE-25403
                 URL: https://issues.apache.org/jira/browse/HBASE-25403
             Project: HBase
          Issue Type: Bug
          Components: REST
            Reporter: Akshay Sudheer


Vulnerability scanner has reported the following:

1.Cookies with missing, inconsistent or contradictory properties i)cookie without SameSite attribute

Remediation: To ensure that the cookies configuration complies with the applicable standards, Setting Same-Site attribute to Set-Cookie[{{}}|https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie] HTTP response header

Plan: Make Same-Site Configurable

 

2.Insecure Referrer Policy

Remediation: Consider setting Referrer-Policy header to 'strict-origin-when-cross-origin' or a stricter value

Plan: Make Referrer-Policy header Configurable.



--
This message was sent by Atlassian Jira
(v8.3.4#803005)