[KAFKA-13240] HTTP TRACE should be disabled in Connect - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Open
Priority: Minor
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: connect
Labels:
- cloudera

Description

Modern browsers mostly disable HTTP TRACE to prevent XST (cross-site tracking) attacks. Because of this usually this type of attack isn't too prevalent these days but since it isn't disabled in Connect it may open up possible ways of attacks (and constantly pops up in security scans ). Therefore we'd like to disable it.

Attachments

Issue Links

links to

GitHub Pull Request #11276

Activity

People

Assignee:: Viktor Somogyi-Vass

Reporter:: Viktor Somogyi-Vass

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Dates

Created:: 27/Aug/21 09:22

Updated:: 28/Apr/22 14:10