OpenShift Request For Enhancement: RFE-2273

Cross Origin Resource Sharing protection for the OpenShift Web Console


    • Feature Request
    • Resolution: Done
    • Normal
    • User Interface

      1. Proposed title of this feature request
      Ensure Cross Origin Resource Sharing protection headers are present for the OpenShift Web Console.

      2. What is the nature and description of the request?
      Currently, there is minimal protection for CORS in the OpenShift Web Console.

      CORS allows resources to be requested from another domain outside the domain from which the resource originated.

      The absence of this has been known to be used with social engineering/phishing to use an existing session token on a different website and cause users to issue malicious requests to the application without the user's knowledge.

      Impact
      Exploitation of this vulnerability allows attackers to issue requests to the application on behalf of users and perform various tasks within the application.

      3. Why does the customer need this? (List the business requirements here)
      To increase the security of their platform.

      4. List any affected packages or components.
      OpenShift Web Console.


              rh-ee-rfloren Roger Florén
              rhn-support-mwasher Michael Washer (Inactive)
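One way to verify the headers this request asks for, as an added example that is not part of the original request or OpenShift's own code: the function below audits the CORS response headers returned for a probe request sent with a chosen Origin. The origins, the trusted-origin list and the finding names are assumptions made for illustration.

```javascript
// Added example: audit CORS response headers against an assumed trusted-origin policy.
// All origins and header sets below are constructed sample data.
const TRUSTED = ['https://console.example.test'];   // assumed policy
const PROBE = 'https://untrusted.example.test';     // Origin sent with the probe

function normalize(headers) {
  const out = {};
  for (const [name, value] of Object.entries(headers)) {
    out[name.toLowerCase()] = String(value).trim();   // header names are case-insensitive
  }
  return out;
}

// requestOrigin: Origin header of the probe; headers: response headers as an object;
// trustedOrigins: origins that may read responses cross-origin.
function auditCors(requestOrigin, headers, trustedOrigins) {
  const h = normalize(headers);
  const acao = h['access-control-allow-origin'];
  const findings = [];
  if (acao === undefined) return findings;   // no CORS grant: same-origin policy applies

  const credentials =
    (h['access-control-allow-credentials'] || '').toLowerCase() === 'true';
  const trusted = trustedOrigins.includes(acao);

  if (acao === '*') {
    findings.push('wildcard-origin');
  } else if (acao === 'null') {
    findings.push('null-origin-allowed');
  } else if (!trusted) {
    findings.push(acao === requestOrigin
      ? 'reflects-untrusted-origin' : 'untrusted-origin-allowed');
  }
  // Browsers refuse "*" together with credentials, so only named origins count here.
  if (credentials && !trusted && acao !== '*') {
    findings.push('credentials-exposed-to-untrusted-origin');
  }
  // A per-origin grant must vary on Origin, or a shared cache may serve it to another origin.
  const vary = (h['vary'] || '').toLowerCase().split(',').map((s) => s.trim());
  if (acao !== '*' && !vary.includes('origin')) findings.push('missing-vary-origin');
  return findings;
}

const WEAK = { 'Access-Control-Allow-Origin': PROBE, 'Access-Control-Allow-Credentials': 'true' };
const STRICT = { 'Access-Control-Allow-Origin': TRUSTED[0],
  'Access-Control-Allow-Credentials': 'true', 'Vary': 'Origin' };
console.log(auditCors(PROBE, WEAK, TRUSTED), auditCors(PROBE, STRICT, TRUSTED));
```

An empty result means the response grants cross-origin read access only to origins on the trusted list, or to none at all.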