You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Antonio Sanso (JIRA)" <ji...@apache.org> on 2017/06/21 07:01:00 UTC

[jira] [Closed] (SLING-6937) Referrer Filter: Allow Regex User Agent Exclusions

     [ https://issues.apache.org/jira/browse/SLING-6937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Antonio Sanso closed SLING-6937.
--------------------------------

> Referrer Filter: Allow Regex User Agent Exclusions
> --------------------------------------------------
>
>                 Key: SLING-6937
>                 URL: https://issues.apache.org/jira/browse/SLING-6937
>             Project: Sling
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: Security 1.1.2
>            Reporter: Dominique Jäggi
>            Assignee: Antonio Sanso
>             Fix For: Security 1.1.4
>
>         Attachments: _SLING_6937___Referrer_Filter__Allow_Path_Exclusions-2.patch
>
>
> For some cases it would be desirable to skip the referrer check altogether for certain resource paths, instead of simply setting "Allow Empty Referrer", thus weakening the security overall instead of only for a well known set of paths for which it would be desirable.
> For this reason i'd like to propose adding a path whitelist to the referrer filter configuration. Patch attached.



--
This message was sent by Atlassian JIRA
(v6.4.14#64029)