You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Henry Kuijpers (JIRA)" <ji...@apache.org> on 2017/03/24 13:15:41 UTC

[jira] [Created] (SLING-6708) Sling Dynamic Include - Usage of nocache selector allows uncached access to everything

Henry Kuijpers created SLING-6708:
-------------------------------------

             Summary: Sling Dynamic Include - Usage of nocache selector allows uncached access to everything
                 Key: SLING-6708
                 URL: https://issues.apache.org/jira/browse/SLING-6708
             Project: Sling
          Issue Type: Bug
          Components: Extensions
    Affects Versions: Dynamic Include 3.0.0, Dynamic Include 3.0.2
            Reporter: Henry Kuijpers
            Priority: Blocker


The SDI module works with a nocache-selector (or a selector that we arbitrarily choose).

However, we cannot guarantee that only SDI's requests come in through the nocache-selector. It can be any request.

This document says https://github.com/Cognifide/Sling-Dynamic-Include
that we should configure the Dispatcher to not cache when *.nocache.html* can be applied to the request.

This means that anyone can use the nocache-selector on any request to bypass Dispatcher caching for html files.

It even means that ".nocache.html" can appear anywhere in the full request URL.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)