SonarQube / SONAR-6964

Do not display administration sensitive data when opening browser history

      Description

      Clear browser history after user logout. Log in as admin, go to an admin page, log out, log in as a normal user, then hit the back button two times. You will end up on the admin page, which may contain sensitive data.

      As it's not possible to clean up browser history programmatically, a solution is to disable caching of HTML pages. The HTTP header is "Cache-Control: must-revalidate". Note that WS and assets (images, CSS) should still be cached.
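The policy described above can be checked against captured responses. The following is an added example, not SonarQube code: the `/api/` prefix for WS, the asset extension list, and the sample paths and headers are all assumptions constructed for illustration.

```python
# Added example: audit Cache-Control per response class (HTML vs. WS vs. assets).
# Prefix, extensions and SAMPLE are assumptions/constructed, not SonarQube's own.
ASSET_EXTENSIONS = (".css", ".js", ".png", ".gif", ".svg")  # assumption
WS_PREFIX = "/api/"                       # assumption: where web services live
HTML_REQUIRED = "must-revalidate"         # directive named in the ticket
CACHE_DEFEATING = {"no-store", "no-cache"}

def parse_cache_control(value):
    """Return {directive: argument-or-None}, lower-cased, tolerant of spacing."""
    directives = {}
    for part in (value or "").split(","):
        name, _, arg = part.strip().partition("=")
        if name:
            directives[name.lower()] = arg.strip('"') or None
    return directives

def classify(path, content_type):
    """Sort a response into 'ws', 'asset', 'html' or 'other'."""
    if path.startswith(WS_PREFIX):
        return "ws"
    if path.lower().endswith(ASSET_EXTENSIONS):
        return "asset"
    if (content_type or "").split(";")[0].strip().lower() == "text/html":
        return "html"
    return "other"

def audit(responses):
    """Return (path, problem) pairs for responses that break the policy."""
    findings = []
    for path, headers in responses:
        headers = {k.lower(): v for k, v in headers.items()}
        kind = classify(path, headers.get("content-type"))
        cc = parse_cache_control(headers.get("cache-control"))
        defeated = CACHE_DEFEATING.intersection(cc) or cc.get("max-age") == "0"
        if kind == "html" and HTML_REQUIRED not in cc:
            findings.append((path, "HTML page without must-revalidate"))
        elif kind in ("ws", "asset") and defeated:
            findings.append((path, "caching disabled on " + kind))
    return findings

SAMPLE = [  # constructed responses: (path, headers)
    ("/dashboard", {"Content-Type": "text/html", "Cache-Control": "private, must-revalidate"}),
    ("/admin/settings", {"Content-Type": "text/html; charset=UTF-8", "Cache-Control": "max-age=3600"}),
    ("/css/app.css", {"Content-Type": "text/css", "Cache-Control": "max-age=31536000"}),
    ("/api/example/list", {"Content-Type": "application/json", "Cache-Control": "no-store"}),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

The second check catches the opposite regression: a blanket filter that also turns off caching for WS and assets, which the ticket says should stay cached.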

            People

            Assignee: Teryk Bellahsene (teryk.bellahsene)
            Reporter: Simon Brandhof (simon.brandhof, Inactive)