Posted to dev@sling.apache.org by "Eric Norman (Jira)" <ji...@apache.org> on 2021/06/02 17:45:00 UTC
[jira] [Updated] (SLING-10452) adjust HTTP status code for invalid :redirect value for modifyAce/deleteAce post request
[ https://issues.apache.org/jira/browse/SLING-10452?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Eric Norman updated SLING-10452:
--------------------------------
Description:
When the modifyAce/deleteAce servlets receive an illegal or invalid :redirect parameter, they should return a status code of [422|https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/422] instead of 200 because the request was not fully successful.
Currently, the illegal :redirect parameter value is detected and a warning is logged. The request continues to be processed without the redirect occurring. The client has no indication that something went wrong without reviewing the server logs.
For example:
Illegal redirect
{code:java}
curl -F principalId=myuser -F privilege@jcr:read=granted -F :redirect=https://sling.apache.org http://localhost:8080/test/node.modifyAce.html
{code}
invalid redirect
{code:java}
curl -F principalId=myuser -F privilege@jcr:read=granted -F :redirect=https:// http://localhost:8080/test/node.modifyAce.html
{code}
was:
When the modifyAce/deleteAce servlets receive an illegal or invalid :redirect parameter, they should return a status code of [422|https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/422] instead of 200 because the request was not fully successful.
Currently, the illegal :redirect parameter value is detected and a warning is logged. The request continues to be processed without the redirect occurring. The client has no indication that something went wrong without reviewing the server logs.
For example:
Illegal redirect
{{}}
{code:java}
curl -F principalId=myuser -F privilege@jcr:read=granted -F :redirect=https://sling.apache.org http://localhost:8080/test/node.modifyAce.html
{code}
invalid redirect
{{}}
{code:java}
curl -F principalId=myuser -F privilege@jcr:read=granted -F :redirect=https:// http://localhost:8080/test/node.modifyAce.html
{code}
{{}}
{{}}
> adjust HTTP status code for invalid :redirect value for modifyAce/deleteAce post request
> ----------------------------------------------------------------------------------------
>
> Key: SLING-10452
> URL: https://issues.apache.org/jira/browse/SLING-10452
> Project: Sling
> Issue Type: Improvement
> Reporter: Eric Norman
> Assignee: Eric Norman
> Priority: Major
> Fix For: JCR Jackrabbit Access Manager 3.0.10
>
>
> When the modifyAce/deleteAce servlets receive an illegal or invalid :redirect parameter, they should return a status code of [422|https://developer.mozilla.org/en-US/docs/Web/HTTP/Status/422] instead of 200 because the request was not fully successful.
> Currently, the illegal :redirect parameter value is detected and a warning is logged. The request continues to be processed without the redirect occurring. The client has no indication that something went wrong without reviewing the server logs.
> For example:
> Illegal redirect
> {code:java}
> curl -F principalId=myuser -F privilege@jcr:read=granted -F :redirect=https://sling.apache.org http://localhost:8080/test/node.modifyAce.html
> {code}
> invalid redirect
> {code:java}
> curl -F principalId=myuser -F privilege@jcr:read=granted -F :redirect=https:// http://localhost:8080/test/node.modifyAce.html
> {code}
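The distinction the issue draws between an "illegal" and an "invalid" :redirect value, and the status a client would see for each, as an added Java sketch that is not code from the Sling project. The class and method names are hypothetical, and the policy that only path-style targets on the same host are allowed is an assumption made for the example.

```java
import java.net.URI;
import java.net.URISyntaxException;

public class RedirectStatusExample {
    // Hypothetical names; this is not the Sling servlet code.
    enum Verdict { NONE, OK, ILLEGAL, INVALID }

    static Verdict classify(String redirect) {
        if (redirect == null || redirect.isEmpty()) {
            return Verdict.NONE;                 // no :redirect parameter sent
        }
        try {
            URI uri = new URI(redirect);         // throws on malformed input
            // Assumed policy: a scheme or authority means the target can
            // leave this host, so only path-style references are allowed.
            if (uri.getScheme() != null || uri.getAuthority() != null) {
                return Verdict.ILLEGAL;
            }
            return Verdict.OK;
        } catch (URISyntaxException e) {
            return Verdict.INVALID;
        }
    }

    // Status the client sees; 422 replaces the silent 200 for bad values.
    static int statusFor(String redirect) {
        switch (classify(redirect)) {
            case NONE: return 200;
            case OK:   return 302;
            default:   return 422;
        }
    }

    public static void main(String[] args) {
        String[] samples = {
            "https://sling.apache.org",   // "illegal" value from the issue
            "https://",                   // "invalid" value from the issue
            "/test/node.html",            // constructed: same-host path
            "//example.invalid/landing",  // constructed: scheme-relative target
            null                          // constructed: parameter absent
        };
        for (String s : samples) {
            System.out.println(s + " -> " + classify(s) + " / HTTP " + statusFor(s));
        }
    }
}
```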