You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@archiva.apache.org by "Brett Porter (JIRA)" <ji...@codehaus.org> on 2010/12/15 03:30:57 UTC
[jira] Created: (MRM-1445) disable referrer check by default
disable referrer check by default
---------------------------------
Key: MRM-1445
URL: http://jira.codehaus.org/browse/MRM-1445
Project: Archiva
Issue Type: Task
Components: Users/Security
Affects Versions: 1.3.2
Reporter: Brett Porter
The redback referrer header check that was added can occasionally cause problems, and is only a preventative measure for other CSRF vulnerabilities.
It should be disabled by default, but the configuration for enabling it documented.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] Closed: (MRM-1445) disable referrer check by default
Posted by "Brett Porter (JIRA)" <ji...@codehaus.org>.
[ http://jira.codehaus.org/browse/MRM-1445?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Brett Porter closed MRM-1445.
-----------------------------
Resolution: Fixed
Fix Version/s: 1.3.3
Assignee: Brett Porter
> disable referrer check by default
> ---------------------------------
>
> Key: MRM-1445
> URL: http://jira.codehaus.org/browse/MRM-1445
> Project: Archiva
> Issue Type: Task
> Components: Users/Security
> Affects Versions: 1.3.2
> Reporter: Brett Porter
> Assignee: Brett Porter
> Fix For: 1.3.3
>
>
> The redback referrer header check that was added can occasionally cause problems, and is only a preventative measure for other CSRF vulnerabilities.
> It should be disabled by default, but the configuration for enabling it documented.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.codehaus.org/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira