•  
      request #14936 The zip archive of a document folder should not be indicated as public information
    Infos
    #14936
    Thomas Gerbet (tgerbet)
    2020-06-04 09:23
    2020-06-02 12:04
    16191
    Details
    The zip archive of a document folder should not be indicated as public information
    When downloading the zip archive of a document folder some cache headers are set. Those cache headers mark the zip archive as public information which can incite a potential proxy server to serve the same archive to different users. This can lead to an information leak since permissions might not be respected.
    Doc/Documentation manager
    11.15
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Thomas Gerbet (tgerbet)
    Closed
    2020-06-02
    Attachments
    Empty
    References

    Follow-ups