Uploaded image for project: 'OpenShift Console'
  1. OpenShift Console
  2. CONSOLE-3592

Disable static content available from OpenShift Console without authentication

    XMLWordPrintable

Details

    • Story
    • Resolution: Obsolete
    • Undefined
    • None
    • openshift-4.14
    • Backend
    • False
    • None
    • False

    Description

      {}According to security it is important to disable publicly available content from OpenShift Web Console which is available through: `/opt/bridge/bin/bridge --public-dir=/opt/bridge/static --config=/var/console-config` in the console pod (openshift-console namespace).

      The folder /opt/bridge/static and its files are publicly available without authentication. 
      The purpose of this RFE is to disable the static assets:
      https://console-openshift-console.apps.example.com/static/assets/
      https://console-openshift-console.apps.example.com/static/

      1. Why does the customer need this? (List the business requirements here)
        The security department of the customer recommended disabling the static assets because they are available without authentication. 
        Even the fact that there are only images in PNG or SVG format.

       

      Attachments

        Activity

          People

            Unassigned Unassigned
            jcaiani@redhat.com Joseph Caiani
            Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: