Uploaded image for project: 'Jenkins'
  1. Jenkins
  2. JENKINS-43852

SecurityRealm captcha should use no-store as well as no cache in cache-control

      looking at the code I think that the no-store option should be used in addition to the no-cache.

      as navigating back or resubmitting the data will likely lead to an out of date captcha.

          [JENKINS-43852] SecurityRealm captcha should use no-store as well as no cache in cache-control

          James Nord created issue -
          Oleg Nenashev made changes -
          Labels New: security
          Daniel Beck made changes -
          Labels Original: security New: newbie-friendly security
          Wadeck Follonier made changes -
          Assignee New: Wadeck Follonier [ wfollonier ]
          Wadeck Follonier made changes -
          Status Original: Open [ 1 ] New: In Progress [ 3 ]
          Wadeck Follonier made changes -
          Remote Link New: This issue links to "#3126 (jenkins-core) (Web Link)" [ 17988 ]
          Wadeck Follonier made changes -
          Status Original: In Progress [ 3 ] New: In Review [ 10005 ]
          Oleg Nenashev made changes -
          Summary Original: securityrealm captcha sould use no-store as well as no cache in cache-control New: SecurityRealm captcha should use no-store as well as no cache in cache-control
          Oleg Nenashev made changes -
          Resolution New: Fixed [ 1 ]
          Status Original: In Review [ 10005 ] New: Resolved [ 5 ]
          Oleg Nenashev made changes -
          Labels Original: newbie-friendly security New: lts-candidate newbie-friendly security
          Oliver Gondža made changes -
          Labels Original: lts-candidate newbie-friendly security New: 2.89.1-fixed newbie-friendly security

            wfollonier Wadeck Follonier
            teilo James Nord
            Votes:
            1 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: