[Feature] Strengthen the protection against sniffing of panel resource files #7999

SolomonLeon · 2025-02-25T14:46:00Z

SolomonLeon
Feb 25, 2025

1Panel Version

v1.10.25-lts

Please describe your needs or suggestions for improvements

The resource files under assets can be accessed without SecurityEntrance cookies, this may provide attackers with information, leading to an increase in the attack surface.

Please describe the solution you suggest

Return 404 or 500 error unless the correct SecurityEntrance cookie is sent.

Additional Information

No response

wanghe-fit2cloud · 2025-02-25T15:00:14Z

wanghe-fit2cloud
Feb 25, 2025
Maintainer

Thank you for the feedback. Currently, some static resources on the 1Panel login page are allowed for anonymous access.

0 replies

wanghe-fit2cloud · 2025-02-25T15:00:40Z

wanghe-fit2cloud
Feb 25, 2025
Maintainer

The issue has been converted to a discussion.

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Feature] Strengthen the protection against sniffing of panel resource files #7999

{{title}}

Replies: 2 comments

{{title}}

{{title}}

Select a reply

[Feature] Strengthen the protection against sniffing of panel resource files #7999

SolomonLeon Feb 25, 2025

1Panel Version

Please describe your needs or suggestions for improvements

Please describe the solution you suggest

Additional Information

Replies: 2 comments

wanghe-fit2cloud Feb 25, 2025 Maintainer

wanghe-fit2cloud Feb 25, 2025 Maintainer

SolomonLeon
Feb 25, 2025

wanghe-fit2cloud
Feb 25, 2025
Maintainer

wanghe-fit2cloud
Feb 25, 2025
Maintainer