You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@archiva.apache.org by "Brett Porter (JIRA)" <ji...@codehaus.org> on 2010/12/15 03:30:57 UTC

[jira] Created: (MRM-1445) disable referrer check by default

disable referrer check by default
---------------------------------

                 Key: MRM-1445
                 URL: http://jira.codehaus.org/browse/MRM-1445
             Project: Archiva
          Issue Type: Task
          Components: Users/Security
    Affects Versions: 1.3.2
            Reporter: Brett Porter


The redback referrer header check that was added can occasionally cause problems, and is only a preventative measure for other CSRF vulnerabilities.

It should be disabled by default, but the configuration for enabling it documented.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] Closed: (MRM-1445) disable referrer check by default

Posted by "Brett Porter (JIRA)" <ji...@codehaus.org>.

     [ http://jira.codehaus.org/browse/MRM-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Brett Porter closed MRM-1445.
-----------------------------

       Resolution: Fixed
    Fix Version/s: 1.3.3
         Assignee: Brett Porter

> disable referrer check by default
> ---------------------------------
>
>                 Key: MRM-1445
>                 URL: http://jira.codehaus.org/browse/MRM-1445
>             Project: Archiva
>          Issue Type: Task
>          Components: Users/Security
>    Affects Versions: 1.3.2
>            Reporter: Brett Porter
>            Assignee: Brett Porter
>             Fix For: 1.3.3
>
>
> The redback referrer header check that was added can occasionally cause problems, and is only a preventative measure for other CSRF vulnerabilities.
> It should be disabled by default, but the configuration for enabling it documented.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira