Details
-
Feature Request
-
Resolution: Done
-
Normal
-
None
-
None
-
False
-
None
-
False
-
0
-
0%
-
L
Description
- Proposed title of this feature request
Disable static content available from OpenShift Console without authentication.
- What is the nature and description of the request?
According to security it is important to disable publicly available content from OpenShift Web Console which is available through: `/opt/bridge/bin/bridge --public-dir=/opt/bridge/static --config=/var/console-config` in the console pod (openshift-console namespace).
The folder /opt/bridge/static and its files are publicly available without authentication.
The purpose of this RFE is to disable the static assets:
https://console-openshift-console.apps.example.com/static/assets/
https://console-openshift-console.apps.example.com/static/
- Why does the customer need this? (List the business requirements here)
The security department of the customer recommended disabling the static assets because they are available without authentication.
Even the fact that there are only images in PNG or SVG format.
- List any affected packages or components.
- OpenShift WebConsole
Attachments
Issue Links
- relates to
-
CONSOLE-3591 Disable static content available from OpenShift Console without authentication
-
- Closed
-