
Disable caching on SSL pages #3570

Merged
merged 1 commit into from Feb 21, 2023

Conversation

lbakerchef
Contributor

@lbakerchef lbakerchef commented Jan 9, 2023

We were asked to disable caching on all SSL pages or all pages that contain
sensitive data, pursuant to cacheable SSL pages being discovered with a DAST scan.

This commit adds Cache-Control: no-store and Pragma: no-cache headers to SSL pages.

curl commands
before:

root@api:~# curl --insecure -I https://api.chef-server.dev:443
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:36:55 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/index
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:38:18 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/css
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:38:30 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/images
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:38:36 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/version
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:39:01 GMT
Content-Type: text/plain
Content-Length: 6605
Last-Modified: Wed, 11 Jan 2023 06:41:12 GMT
Connection: keep-alive
ETag: "63be5a08-19cd"
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/organizations/blah/validate
HTTP/1.1 404 Not Found
Date: Wed, 11 Jan 2023 10:39:35 GMT
Content-Type: text/html
Connection: keep-alive

root@api:~# curl --insecure -I https://api.chef-server.dev:443/data-collector
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:39:59 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/organizations/blah/data-collector
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:40:19 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/organizations/blah/required_recipe
HTTP/1.1 404 Not Found
Date: Wed, 11 Jan 2023 10:40:51 GMT
Content-Type: text/html
Content-Length: 1084
Connection: keep-alive
ETag: "63be8bd4-43c"

root@api:~# curl --insecure -I https://api.chef-server.dev:443/_status
HTTP/1.1 405 Method Not Allowed
Date: Wed, 11 Jan 2023 10:42:32 GMT
Content-Type: text/html
Content-Length: 177
Connection: keep-alive
Allow: GET

root@api:~# curl --insecure -I https://api.chef-server.dev:443/stats
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:42:52 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/_route
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:43:22 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:43:36 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

curl commands
after:

root@api:~# curl --insecure -I https://api.chef-server.dev:443
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:36:55 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Cache-Control: no-store
Pragma: no-cache
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/index
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:38:18 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Cache-Control: no-store
Pragma: no-cache
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/css
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:38:30 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Cache-Control: no-store
Pragma: no-cache
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/images
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:38:36 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Cache-Control: no-store
Pragma: no-cache
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/version
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:39:01 GMT
Content-Type: text/plain
Content-Length: 6605
Last-Modified: Wed, 11 Jan 2023 06:41:12 GMT
Connection: keep-alive
ETag: "63be5a08-19cd"
Cache-Control: no-store
Pragma: no-cache
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/organizations/blah/validate
HTTP/1.1 404 Not Found
Date: Wed, 11 Jan 2023 10:39:35 GMT
Content-Type: text/html
Connection: keep-alive
Cache-Control: no-store
Pragma: no-cache

root@api:~# curl --insecure -I https://api.chef-server.dev:443/data-collector
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:39:59 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Cache-Control: no-store
Pragma: no-cache
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/organizations/blah/data-collector
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:40:19 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Cache-Control: no-store
Pragma: no-cache
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/organizations/blah/required_recipe
HTTP/1.1 404 Not Found
Date: Wed, 11 Jan 2023 10:40:51 GMT
Content-Type: text/html
Content-Length: 1084
Connection: keep-alive
ETag: "63be8bd4-43c"
Cache-Control: no-store
Pragma: no-cache

root@api:~# curl --insecure -I https://api.chef-server.dev:443/_status
HTTP/1.1 405 Method Not Allowed
Date: Wed, 11 Jan 2023 10:42:32 GMT
Content-Type: text/html
Content-Length: 177
Connection: keep-alive
Allow: GET
Cache-Control: no-store
Pragma: no-cache

root@api:~# curl --insecure -I https://api.chef-server.dev:443/stats
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:42:52 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Cache-Control: no-store
Pragma: no-cache
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/_route
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:43:22 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Cache-Control: no-store
Pragma: no-cache
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

root@api:~# curl --insecure -I https://api.chef-server.dev:443/
HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:43:36 GMT
Content-Type: text/html
Content-Length: 1749
Last-Modified: Wed, 11 Jan 2023 10:13:40 GMT
Connection: keep-alive
ETag: "63be8bd4-6d5"
Cache-Control: no-store
Pragma: no-cache
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Permissions-Policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
Referrer-Policy: strict-origin
Strict-Transport-Security: max-age=31536000; includeSubDomains
Accept-Ranges: bytes

knife cookbook commands
before

# /opt/opscode/embedded/bin/knife cookbook list -VVV
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 08:19:57 GMT
TRACE: content-type: application/json
TRACE: content-length: 2
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: x-frame-options: DENY
TRACE: content-security-policy: default-src 'self';
TRACE: x-content-type-options: nosniff
TRACE: permissions-policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
TRACE: referrer-policy: strict-origin
TRACE: strict-transport-security: max-age=31536000; includeSubDomains
TRACE: ---- End HTTP Status/Header Data ----
example   1.0.0
yoda      0.1.0

# /opt/opscode/embedded/bin/knife cookbook upload -VVV --all --cookbook-path ./cookbooks/
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 08:23:53 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: x-frame-options: DENY
TRACE: content-security-policy: default-src 'self';
TRACE: x-content-type-options: nosniff
TRACE: permissions-policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
TRACE: referrer-policy: strict-origin
TRACE: strict-transport-security: max-age=31536000; includeSubDomains
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
Uploading example        [1.0.0]
Uploading yoda           [0.1.0]
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 201 Created
TRACE: date: Wed, 15 Feb 2023 08:23:53 GMT
TRACE: content-type: application/json
TRACE: content-length: 863
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: location: http://api.chef-server.dev/organizations/clownville/sandboxes/4f8e54a82c0e05890e85cd76f53206c8
TRACE: x-frame-options: DENY
TRACE: content-security-policy: default-src 'self';
TRACE: x-content-type-options: nosniff
TRACE: permissions-policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
TRACE: referrer-policy: strict-origin
TRACE: strict-transport-security: max-age=31536000; includeSubDomains
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 08:23:53 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: x-frame-options: DENY
TRACE: content-security-policy: default-src 'self';
TRACE: x-content-type-options: nosniff
TRACE: permissions-policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
TRACE: referrer-policy: strict-origin
TRACE: strict-transport-security: max-age=31536000; includeSubDomains
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 08:23:53 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: x-frame-options: DENY
TRACE: content-security-policy: default-src 'self';
TRACE: x-content-type-options: nosniff
TRACE: permissions-policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
TRACE: referrer-policy: strict-origin
TRACE: strict-transport-security: max-age=31536000; includeSubDomains
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 08:23:53 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: x-frame-options: DENY
TRACE: content-security-policy: default-src 'self';
TRACE: x-content-type-options: nosniff
TRACE: permissions-policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
TRACE: referrer-policy: strict-origin
TRACE: strict-transport-security: max-age=31536000; includeSubDomains
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
Uploaded all cookbooks.

# /opt/opscode/embedded/bin/knife cookbook download example -VVV --force
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 08:28:39 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: x-frame-options: DENY
TRACE: content-security-policy: default-src 'self';
TRACE: x-content-type-options: nosniff
TRACE: permissions-policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
TRACE: referrer-policy: strict-origin
TRACE: strict-transport-security: max-age=31536000; includeSubDomains
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 08:28:39 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: x-frame-options: DENY
TRACE: content-security-policy: default-src 'self';
TRACE: x-content-type-options: nosniff
TRACE: permissions-policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
TRACE: referrer-policy: strict-origin
TRACE: strict-transport-security: max-age=31536000; includeSubDomains
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 08:28:39 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-amz-request-id: g2gDZAATYm9va3NoZWxmQDEyNy4wLjAuMWgDYgAABoxiAAbct2IACa5JYSU=
TRACE: last-modified: Wed, 15 Feb 2023 08:22:27 GMT
TRACE: etag: W/"Mk8/P9GhTIheKo35tpfZ7A=="
TRACE: cache-control: max-age=28800
TRACE: x-frame-options: DENY
TRACE: content-security-policy: default-src 'self';
TRACE: x-content-type-options: nosniff
TRACE: permissions-policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
TRACE: referrer-policy: strict-origin
TRACE: strict-transport-security: max-age=31536000; includeSubDomains
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 08:28:39 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-amz-request-id: g2gDZAATYm9va3NoZWxmQDEyNy4wLjAuMWgDYgAABoxiAAbct2IACeejYWU=
TRACE: last-modified: Wed, 15 Feb 2023 08:22:27 GMT
TRACE: etag: W/"B2UrBKnTfzFy0MzRf6inbQ=="
TRACE: cache-control: max-age=28800
TRACE: x-frame-options: DENY
TRACE: content-security-policy: default-src 'self';
TRACE: x-content-type-options: nosniff
TRACE: permissions-policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
TRACE: referrer-policy: strict-origin
TRACE: strict-transport-security: max-age=31536000; includeSubDomains
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 08:28:39 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-amz-request-id: g2gDZAATYm9va3NoZWxmQDEyNy4wLjAuMWgDYgAABoxiAAbct2IACh9WYaU=
TRACE: last-modified: Wed, 15 Feb 2023 08:22:27 GMT
TRACE: etag: W/"TJ2+dVcNfzhP1anZysYuIA=="
TRACE: cache-control: max-age=28800
TRACE: x-frame-options: DENY
TRACE: content-security-policy: default-src 'self';
TRACE: x-content-type-options: nosniff
TRACE: permissions-policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
TRACE: referrer-policy: strict-origin
TRACE: strict-transport-security: max-age=31536000; includeSubDomains
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 08:28:39 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-amz-request-id: g2gDZAATYm9va3NoZWxmQDEyNy4wLjAuMWgDYgAABoxiAAbct2IACnphYeU=
TRACE: last-modified: Wed, 15 Feb 2023 08:22:27 GMT
TRACE: etag: W/"uCEBjMRwPf2fyfP8BlmAjw=="
TRACE: cache-control: max-age=28800
TRACE: x-frame-options: DENY
TRACE: content-security-policy: default-src 'self';
TRACE: x-content-type-options: nosniff
TRACE: permissions-policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
TRACE: referrer-policy: strict-origin
TRACE: strict-transport-security: max-age=31536000; includeSubDomains
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 08:28:39 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-amz-request-id: g2gDZAATYm9va3NoZWxmQDEyNy4wLjAuMWgDYgAABoxiAAbct2IACtMkYgAAASU=
TRACE: last-modified: Wed, 15 Feb 2023 08:22:27 GMT
TRACE: etag: W/"Vv43JGPrpKAc8lMWT4fHCA=="
TRACE: cache-control: max-age=28800
TRACE: x-frame-options: DENY
TRACE: content-security-policy: default-src 'self';
TRACE: x-content-type-options: nosniff
TRACE: permissions-policy: camera=(); payment=(); microphone=(); gyroscope=(); magnetometer=(); midi=(); geolocation=()
TRACE: referrer-policy: strict-origin
TRACE: strict-transport-security: max-age=31536000; includeSubDomains
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
Cookbook downloaded to /host/repo/example-1.0.0

knife cookbook commands
after

# /opt/opscode/embedded/bin/knife cookbook list -VVV
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 03:52:19 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: cache-control: no-store
TRACE: pragma: no-cache
TRACE: content-encoding: gzip
example   1.0.0
yoda      0.1.0

# /opt/opscode/embedded/bin/knife cookbook upload -VVV --all --cookbook-path ./cookbooks/
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 03:59:26 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: cache-control: no-store
TRACE: pragma: no-cache
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
Uploading example        [1.0.0]
Uploading yoda           [0.1.0]
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 201 Created
TRACE: date: Wed, 15 Feb 2023 03:59:26 GMT
TRACE: content-type: application/json
TRACE: content-length: 863
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: location: http://api.chef-server.dev/organizations/clownville/sandboxes/2c6d289c31d53423a17b657a3da13300
TRACE: cache-control: no-store
TRACE: pragma: no-cache
TRACE: ---- End HTTP Status/Header Data ----
INFO: Uploading files
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 03:59:26 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: cache-control: no-store
TRACE: pragma: no-cache
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 03:59:26 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: cache-control: no-store
TRACE: pragma: no-cache
TRACE: content-encoding: gzip
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 03:59:26 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: cache-control: no-store
TRACE: pragma: no-cache
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
INFO: Upload complete!
Uploaded all cookbooks.

# /opt/opscode/embedded/bin/knife cookbook download example -VVV --force
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 04:04:21 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: cache-control: no-store
TRACE: pragma: no-cache
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 04:04:22 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-ops-server-api-version: {"min_version":"0","max_version":"2","request_version":"2","response_version":"2"}
TRACE: cache-control: no-store
TRACE: pragma: no-cache
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 04:04:22 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-amz-request-id: g2gDZAATYm9va3NoZWxmQDEyNy4wLjAuMWgDYgAABoxiAAaexmIAAG63YgAAASQ=
TRACE: last-modified: Wed, 15 Feb 2023 03:39:38 GMT
TRACE: etag: W/"Mk8/P9GhTIheKo35tpfZ7A=="
TRACE: cache-control: max-age=28800, no-store
TRACE: pragma: no-cache
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 04:04:22 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-amz-request-id: g2gDZAATYm9va3NoZWxmQDEyNy4wLjAuMWgDYgAABoxiAAaexmIAAMdBYgAAAWQ=
TRACE: last-modified: Wed, 15 Feb 2023 03:39:38 GMT
TRACE: etag: W/"B2UrBKnTfzFy0MzRf6inbQ=="
TRACE: cache-control: max-age=28800, no-store
TRACE: pragma: no-cache
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 04:04:22 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-amz-request-id: g2gDZAATYm9va3NoZWxmQDEyNy4wLjAuMWgDYgAABoxiAAaexmIAARvGYgAAAaQ=
TRACE: last-modified: Wed, 15 Feb 2023 03:39:38 GMT
TRACE: etag: W/"TJ2+dVcNfzhP1anZysYuIA=="
TRACE: cache-control: max-age=28800, no-store
TRACE: pragma: no-cache
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 04:04:22 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-amz-request-id: g2gDZAATYm9va3NoZWxmQDEyNy4wLjAuMWgDYgAABoxiAAaexmIAAXCZYgAAAeQ=
TRACE: last-modified: Wed, 15 Feb 2023 03:39:38 GMT
TRACE: etag: W/"uCEBjMRwPf2fyfP8BlmAjw=="
TRACE: cache-control: max-age=28800, no-store
TRACE: pragma: no-cache
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
TRACE: ---- HTTP Status and Header Data: ----
TRACE: HTTP 1.1 200 OK
TRACE: date: Wed, 15 Feb 2023 04:04:22 GMT
TRACE: content-type: application/json
TRACE: transfer-encoding: chunked
TRACE: connection: close
TRACE: x-amz-request-id: g2gDZAATYm9va3NoZWxmQDEyNy4wLjAuMWgDYgAABoxiAAaexmIAAct/YgAAAiQ=
TRACE: last-modified: Wed, 15 Feb 2023 03:39:38 GMT
TRACE: etag: W/"Vv43JGPrpKAc8lMWT4fHCA=="
TRACE: cache-control: max-age=28800, no-store
TRACE: pragma: no-cache
TRACE: content-encoding: gzip
TRACE: ---- End HTTP Status/Header Data ----
Cookbook downloaded to /host/repo/example-1.0.0

manage

[screenshot of the manage UI omitted]

Adhoc:
https://buildkite.com/chef/chef-chef-server-main-omnibus-adhoc/builds/5404
Umbrella:
https://buildkite.com/chef/chef-umbrella-main-chef-server/builds/1807
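A header checker for dumps like the before/after output above, added here as an example and not code from the chef-server repository. It parses a `curl -I`-style dump, reports whether the response is storable (only `no-store` forbids storing; `no-cache` merely forces revalidation and `private` only excludes shared caches), flags the `max-age=28800, no-store` combination that appears on the bookshelf (cookbook file) responses after the change (per RFC 9111 `no-store` prevails, so the `max-age` is inert), and confirms that the hardening headers listed in the "before" curl output are still present, since the knife "after" traces no longer list them. The sample dumps, the host name and the `fetch_raw_headers` helper are constructed for this example.

```python
"""Audit TLS responses for cache hardening.

Added example, not code from the chef-server repository. The sample
header dumps below are constructed to resemble the PR's curl/knife output.
"""
from __future__ import annotations

import http.client
import ssl

# Hardening headers visible on the "before" curl output. A checker should
# confirm they survive the change rather than assume it.
EXPECTED_SECURITY_HEADERS = (
    "strict-transport-security",
    "x-frame-options",
    "x-content-type-options",
    "content-security-policy",
)


def parse_raw_headers(raw: str) -> dict[str, list[str]]:
    """Parse a `curl -I`-style dump (status line, then header lines) into a
    lower-cased multimap. Repeated headers are kept, as RFC 9110 allows."""
    headers: dict[str, list[str]] = {}
    for line in raw.strip().splitlines()[1:]:  # element 0 is the status line
        name, sep, value = line.partition(":")
        if sep:
            headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers


def cache_control_directives(headers: dict[str, list[str]]) -> dict[str, str | None]:
    """Merge every Cache-Control value into {directive: argument or None}."""
    directives: dict[str, str | None] = {}
    for value in headers.get("cache-control", []):
        for token in value.split(","):
            name, _, arg = token.strip().partition("=")
            if name:
                directives[name.lower()] = arg.strip() or None
    return directives


def audit_caching(raw: str) -> list[str]:
    """Return findings for one response. An empty list means no HTTP cache
    may store it and the expected hardening headers are intact."""
    headers = parse_raw_headers(raw)
    cc = cache_control_directives(headers)
    findings: list[str] = []

    # Only no-store forbids storing the response; no-cache just forces
    # revalidation before reuse, which is what DAST scanners flag.
    if "no-store" not in cc:
        findings.append("Cache-Control lacks no-store; browsers and proxies may write the response to disk")
    elif "max-age" in cc:
        # RFC 9111: no-store wins, so max-age is inert, but it shows the upstream
        # (here an object store) still emits its own caching policy.
        findings.append(f"Cache-Control combines max-age={cc['max-age']} with no-store; no-store prevails")

    if "no-cache" not in [v.lower() for v in headers.get("pragma", [])]:
        findings.append("Pragma: no-cache missing (only HTTP/1.0 caches honour it)")

    for name in EXPECTED_SECURITY_HEADERS:
        if name not in headers:
            findings.append(f"{name} header missing")
    return findings


def fetch_raw_headers(host: str, path: str = "/", *, insecure: bool = False) -> str:
    """HEAD a path over TLS and return a dump in the same shape as `curl -I`.
    insecure=True mirrors `curl --insecure` for dev hosts with self-signed certs."""
    ctx = ssl.create_default_context()
    if insecure:
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
    conn = http.client.HTTPSConnection(host, 443, context=ctx, timeout=10)
    try:
        conn.request("HEAD", path)
        resp = conn.getresponse()
        lines = [f"HTTP/1.1 {resp.status} {resp.reason}"]
        lines += [f"{k}: {v}" for k, v in resp.getheaders()]
        return "\n".join(lines)
    finally:
        conn.close()


# Constructed samples modelled on the PR's before/after output.
BEFORE = """HTTP/1.1 200 OK
Date: Wed, 11 Jan 2023 10:36:55 GMT
Content-Type: text/html
ETag: "63be8bd4-6d5"
Content-Security-Policy: default-src 'self';
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Strict-Transport-Security: max-age=31536000; includeSubDomains
"""
AFTER = BEFORE + "Cache-Control: no-store\nPragma: no-cache\n"
# Cookbook-file response after the change: the object store's max-age
# survives next to the new no-store, and the other headers are absent.
BOOKSHELF_AFTER = """HTTP/1.1 200 OK
etag: W/"Mk8/P9GhTIheKo35tpfZ7A=="
cache-control: max-age=28800, no-store
pragma: no-cache
"""

if __name__ == "__main__":
    for label, raw in (("before", BEFORE), ("after", AFTER), ("bookshelf", BOOKSHELF_AFTER)):
        print(label, audit_caching(raw) or "OK")
```

Against a live dev box the same check is `audit_caching(fetch_raw_headers("api.chef-server.dev", "/version", insecure=True))`. One thing worth verifying when the headers are set with nginx `add_header` inside a nested `location` block: nginx inherits `add_header` directives from the enclosing level only when the current level declares none of its own, so adding the two cache headers in a nested block drops HSTS, CSP and the rest for that location unless they are repeated there. The missing-header findings above are there to catch exactly that.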

@lbakerchef lbakerchef self-assigned this Jan 9, 2023
@lbakerchef lbakerchef requested review from a team as code owners January 9, 2023 22:36
@netlify

netlify bot commented Jan 9, 2023

👷 Deploy Preview for chef-server processing.

Name Link
🔨 Latest commit 87d3fb3
🔍 Latest deploy log https://app.netlify.com/sites/chef-server/deploys/63e3c2c596b91800085796b9

@lbakerchef lbakerchef force-pushed the lbaker/INFS-241/cacheable branch 5 times, most recently from 7127ad5 to 6990518 on January 17, 2023 17:24
We were asked to disable caching on all SSL pages or all pages that contain
sensitive data, pursuant to cacheable SSL pages being discovered via DAST scan.

This commit adds `Cache-Control: no-store` and `Pragma: no-cache` headers to
certain SSL pages.

Signed-off-by: Lincoln Baker <lbaker@chef.io>
@sonarcloud

sonarcloud bot commented Feb 8, 2023

Kudos, SonarCloud Quality Gate passed!

Bug A 0 Bugs
Vulnerability A 0 Vulnerabilities
Security Hotspot A 0 Security Hotspots
Code Smell A 0 Code Smells

No Coverage information
16.2% Duplication

@jashaik jashaik merged commit 2c30fde into main Feb 21, 2023
@jashaik jashaik deleted the lbaker/INFS-241/cacheable branch February 21, 2023 14:43