You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@openwhisk.apache.org by gi...@git.apache.org on 2017/06/21 14:11:39 UTC

[GitHub] akrabat opened a new issue #2408: Web actions should not have a set-cookie header

akrabat opened a new issue #2408: Web actions should not have a set-cookie header
URL: https://github.com/apache/incubator-openwhisk/issues/2408
 
 
   When calling a web action via HTTP, I should not see a `Set-Cookie` header:
   
   i.e. when this action:
   
   ```swift
   func main(args: [String:Any]) -> [String:Any] {
       return [
           "headers": [
               "X-Clacks-Overhead": "GNU Terry Pratchett"
           ],
           "body": "<h1>Hello world!</h1>",
       ]
   }
   ```
   
   is uploaded to OpenWhisk with: `wsk action update htmltest html.swift --web true`, I get the output:
   
   ```text
   $ curl -i https://openwhisk.ng.bluemix.net/api/v1/web/19FT_dev/default/htmltest
   HTTP/1.1 200 OK
   X-Backside-Transport: OK OK
   Connection: Keep-Alive
   Transfer-Encoding: chunked
   Server: nginx/1.11.13
   Date: Wed, 21 Jun 2017 14:08:00 GMT
   Content-Type: text/html
   X-Clacks-Overhead: GNU Terry Pratchett
   X-Client-IP: 81.132.67.186
   X-Global-Transaction-ID: 1385362991
   Set-Cookie: DPJSESSIONID=PBC5YS:1663067204; Path=/; Domain=.whisk.ng.bluemix.net
   
   <h1>Hello world!</h1>
   ```
   
   The `Set-Cookie:` header shouldn't be. Arguably, the `Server` shouldn't be either as it leaks information.
   
   
   
 
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on GitHub and use the
URL above to go to the specific comment.
 
For queries about this service, please contact Infrastructure at:
users@infra.apache.org


With regards,
Apache Git Services