Uploaded image for project: 'OpenShift Request For Enhancement'
  1. OpenShift Request For Enhancement
  2. RFE-2678

Disable static content available from OpenShift Console without authentication

XMLWordPrintable

    • Icon: Feature Request Feature Request
    • Resolution: Done
    • Icon: Normal Normal
    • None
    • None
    • User Interface
    • False
    • None
    • False
    • L

      1. Proposed title of this feature request
        Disable static content available from OpenShift Console without authentication.
      1. What is the nature and description of the request?
        According to security it is important to disable publicly available content from OpenShift Web Console which is available through: `/opt/bridge/bin/bridge --public-dir=/opt/bridge/static --config=/var/console-config` in the console pod (openshift-console namespace).
        The folder /opt/bridge/static and its files are publicly available without authentication. 
        The purpose of this RFE is to disable the static assets:
        https://console-openshift-console.apps.example.com/static/assets/
        https://console-openshift-console.apps.example.com/static/
      1. Why does the customer need this? (List the business requirements here)
        The security department of the customer recommended disabling the static assets because they are available without authentication. 
        Even the fact that there are only images in PNG or SVG format.
      1. List any affected packages or components.
      • OpenShift WebConsole

              amobrem Ali Mobrem
              rhn-support-rludva Radomir Ludva
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: