open-horizon / SDO-support

Components to make it easy to use Intel's SDO with open-horizon
Apache License 2.0

Dynamic scan issue SDO OCS api endpoint - Incomplete or No Cache-control and Pragma HTTP Header Set #16

Open ctiijima opened 4 years ago

ctiijima commented 4 years ago

The cache-control and pragma HTTP headers have not been set properly or are missing, allowing the browser and proxies to cache content.

URL: https://icp-console.apps.redacted.com/edge-sdo-ocs/api/version

Whenever possible ensure the cache-control HTTP header is set with no-cache, no-store, must-revalidate; and that the pragma HTTP header is set with no-cache.

https://www.owasp.org/index.php/Session_Management_Cheat_Sheet#Web_Content_Caching

A similar issue was found on the agbot api last year: https://github.com/open-horizon/anax/issues/1174

See this agbot code for the solution: https://github.com/open-horizon/anax/blob/10323c7f49e39c0d222d452011868eda000399d9/agreementbot/api.go#L168
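As an added illustration (not code from SDO-support or anax), the following Go middleware applies the headers recommended above to every response of a REST API and includes a small check, like the one a dynamic scanner performs, that verifies the directives are present. The `/api/version` handler body and the `headersFor` helper are hypothetical; wrapping the whole mux rather than individual handlers is assumed so that 404s and other unhandled paths are covered too.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"strings"
)

// noCache sets the anti-caching headers before the wrapped handler writes
// anything; headers added after the body starts are silently dropped by net/http.
func noCache(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		h := w.Header()
		h.Set("Cache-Control", "no-cache, no-store, must-revalidate")
		h.Set("Pragma", "no-cache")
		next.ServeHTTP(w, r)
	})
}

// versionHandler stands in for the OCS /api/version endpoint (hypothetical body).
func versionHandler(w http.ResponseWriter, r *http.Request) {
	w.Header().Set("Content-Type", "text/plain")
	fmt.Fprint(w, "1.0.0")
}

// headersFor serves one in-process request through the wrapped mux and
// returns the response, so the fix can be verified without a running server.
func headersFor(path string) *http.Response {
	mux := http.NewServeMux()
	mux.HandleFunc("/api/version", versionHandler)
	rec := httptest.NewRecorder()
	noCache(mux).ServeHTTP(rec, httptest.NewRequest(http.MethodGet, path, nil))
	return rec.Result()
}

// isNoCache mirrors the scanner's check: all three Cache-Control directives
// and Pragma: no-cache must be present (order and case do not matter).
func isNoCache(h http.Header) bool {
	have := map[string]bool{}
	for _, d := range strings.Split(h.Get("Cache-Control"), ",") {
		have[strings.ToLower(strings.TrimSpace(d))] = true
	}
	for _, want := range []string{"no-cache", "no-store", "must-revalidate"} {
		if !have[want] {
			return false
		}
	}
	return strings.EqualFold(h.Get("Pragma"), "no-cache")
}

func main() {
	resp := headersFor("/api/version")
	fmt.Println(resp.StatusCode, isNoCache(resp.Header)) // 200 true
}
```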

bmpotter commented 4 years ago

@t-fine , assigning this to you, since you own this code now. I think the anax squad (ling and lily) have already dealt with this same issue in the golang rest api for agbot and css, so check with them for the code fix.