Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Major
Fix Version/s: None
Affects Version/s: openshift-4.14
Component/s: Backend
Labels:
- rfe

Story Points:
2
Blocked:
False
Blocked Reason:
None
Ready:
False
Epic Link:
CONSOLE-3361
Feature Link:
OCPSTRAT-220 - Console: Customer Happiness (RFEs) for 4.14
Intelligence Requested:
Market:

Sprint:
HAC Infra OCP - Sprint 239

SFDC Cases Links:
SFDC Cases Counter:
SFDC Cases Open:

{}According to security it is important to disable publicly available content from OpenShift Web Console which is available through: `/opt/bridge/bin/bridge --public-dir=/opt/bridge/static --config=/var/console-config` in the console pod (openshift-console namespace).

The folder /opt/bridge/static and its files are publicly available without authentication.
The purpose of this RFE is to disable the static assets:
https://console-openshift-console.apps.example.com/static/assets/
https://console-openshift-console.apps.example.com/static/

Why does the customer need this? (List the business requirements here)
The security department of the customer recommended disabling the static assets because they are available without authentication.
Even the fact that there are only images in PNG or SVG format.

is related to

RFE-2678 Disable static content available from OpenShift Console without authentication

Accepted

links to

openshift/console#12183: CONSOLE-3591: Remove directory listing for /static/*

openshift/console#13001: CONSOLE-3591: Remove directory listing for /static/*

Assignee:: Jakub Hadvig

Reporter:: Joseph Caiani

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2023/03/22 6:53 PM

Updated:: 2023/07/21 1:54 PM

Resolved:: 2023/07/21 1:54 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates