View Issue Details

Related ChangesetsJump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0009723Talerexchangepublic2025-04-10 18:462025-08-31 19:09
ReporterChristian Grothoff Assigned ToChristian Grothoff  
PrioritynormalSeverityminorReproducibilityN/A
Status closedResolutionfixed 
Platformi7OSDebian GNU/LinuxOS Versionsqueeze
Product Versiongit (master) 
Target Version1.0 stretch goalsFixed in Version1.0 stretch goals 
Summary0009723: exchange should set cache-control headers on GET requests to 'no-store' disable caching in some cases
DescriptionSome GET APIs return somewhat private data, we should explicitly tell HTTP caches to not store those.
This might have prevented a (minor) security issue found by RoS where i-Things cached possibly sensitive data on exposed local storage.
TagsNo tags attached.

Activities

Christian Grothoff

2025-06-22 13:49

manager   ~0025302

Fix committed to master branch.

Related Changesets

merchant: master 6ca94626

2025-06-22 15:48

Christian Grothoff


Details Diff		 add 'Cache-control: no-store' by default (fixes 0009723) Affected Issues
0009723
mod - src/backend/taler-merchant-httpd.c Diff File

Issue History

Date Modified Username Field Change
2025-04-10 18:46 Christian Grothoff New Issue
2025-04-10 18:46 Christian Grothoff Status new => assigned
2025-04-10 18:46 Christian Grothoff Assigned To => Christian Grothoff
2025-04-10 18:46 Christian Grothoff Assigned To Christian Grothoff =>
2025-04-10 18:46 Christian Grothoff Status assigned => confirmed
2025-06-22 00:22 Christian Grothoff Assigned To => Christian Grothoff
2025-06-22 00:22 Christian Grothoff Status confirmed => assigned
2025-06-22 13:49 Christian Grothoff Changeset attached => merchant master 6ca94626
2025-06-22 13:49 Christian Grothoff Note Added: 0025302
2025-06-22 13:49 Christian Grothoff Status assigned => resolved
2025-06-22 13:49 Christian Grothoff Resolution open => fixed
2025-06-22 13:49 Christian Grothoff Fixed in Version => 1.0 stretch goals
2025-06-22 13:49 Christian Grothoff Target Version post-1.0 => 1.0 stretch goals
2025-08-31 19:09 Christian Grothoff Status resolved => closed