Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43852

SecurityRealm captcha should use no-store as well as no cache in cache-control

      looking at the code I think that the no-store option should be used in addition to the no-cache.

      as navigating back or resubmitting the data will likely lead to an out of date captcha.

          [JENKINS-43852] SecurityRealm captcha should use no-store as well as no cache in cache-control

          James Nord created issue -
          Oleg Nenashev made changes -
          Labels New: security
          Daniel Beck made changes -
          Labels Original: security New: newbie-friendly security
          Wadeck Follonier made changes -
          Assignee New: Wadeck Follonier [ wfollonier ]
          Wadeck Follonier made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Wadeck Follonier made changes -
          Remote Link New: This issue links to "#3126 (jenkins-core) (Web Link)" [ 17988 ]
          Wadeck Follonier made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Oleg Nenashev made changes -
          Summary Original: securityrealm captcha sould use no-store as well as no cache in cache-control New: SecurityRealm captcha should use no-store as well as no cache in cache-control

          Code changed in jenkins
          User: Wadeck Follonier
          Path:
          core/src/main/java/hudson/security/SecurityRealm.java
          test/src/test/java/hudson/security/SecurityRealmTest.java
          http://jenkins-ci.org/commit/jenkins/80d17f5a68739eafc27d5a3fd003b7eee4cfe8f3
          Log:
          JENKINS-43852 add caching options for captcha (#3126)

          • - remove whitespace
          • - correct unit tests
          • - copy/paste is bad
          • - second edit...

          SCM/JIRA link daemon added a comment - Code changed in jenkins User: Wadeck Follonier Path: core/src/main/java/hudson/security/SecurityRealm.java test/src/test/java/hudson/security/SecurityRealmTest.java http://jenkins-ci.org/commit/jenkins/80d17f5a68739eafc27d5a3fd003b7eee4cfe8f3 Log: JENKINS-43852 add caching options for captcha (#3126) JENKINS-42852 add caching options for captcha - remove whitespace - correct unit tests - copy/paste is bad - second edit...

          Oleg Nenashev added a comment -

          The fix has been integrated towards 2.90

          Oleg Nenashev added a comment - The fix has been integrated towards 2.90
          Oleg Nenashev made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Review [ 10005 ] New: Resolved [ 5 ]

            wfollonier Wadeck Follonier
            teilo James Nord
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: