Uploaded image for project: 'OpenShift Console'
  1. OpenShift Console
  2. CONSOLE-3592

Disable static content available from OpenShift Console without authentication

XMLWordPrintable

    • Icon: Story Story
    • Resolution: Obsolete
    • Icon: Undefined Undefined
    • None
    • openshift-4.14
    • Backend
    • False
    • None
    • False

      {}According to security it is important to disable publicly available content from OpenShift Web Console which is available through: `/opt/bridge/bin/bridge --public-dir=/opt/bridge/static --config=/var/console-config` in the console pod (openshift-console namespace).

      The folder /opt/bridge/static and its files are publicly available without authentication. 
      The purpose of this RFE is to disable the static assets:
      https://console-openshift-console.apps.example.com/static/assets/
      https://console-openshift-console.apps.example.com/static/

      1. Why does the customer need this? (List the business requirements here)
        The security department of the customer recommended disabling the static assets because they are available without authentication. 
        Even the fact that there are only images in PNG or SVG format.

       

              Unassigned Unassigned
              jcaiani@redhat.com Joseph Caiani
              Votes:
              0 Vote for this issue
              Watchers:
              1 Start watching this issue

                Created:
                Updated:
                Resolved: