You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Antonio Sanso (JIRA)" <ji...@apache.org> on 2017/06/13 12:19:00 UTC
[jira] [Comment Edited] (SLING-6937) Referrer Filter: Allow Regex
User Agent Exclusions
[ https://issues.apache.org/jira/browse/SLING-6937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16047787#comment-16047787 ]
Antonio Sanso edited comment on SLING-6937 at 6/13/17 12:18 PM:
----------------------------------------------------------------
fix in rev. r1798584 Thanks a lot [~djaeggi] for the patch. Thanks
was (Author: asanso):
fix in rev. r1784271 Thanks a lot [~djaeggi] for the patch. Thanks
> Referrer Filter: Allow Regex User Agent Exclusions
> --------------------------------------------------
>
> Key: SLING-6937
> URL: https://issues.apache.org/jira/browse/SLING-6937
> Project: Sling
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: Security 1.1.2
> Reporter: Dominique Jäggi
> Assignee: Antonio Sanso
> Fix For: Security 1.1.4
>
> Attachments: _SLING_6937___Referrer_Filter__Allow_Path_Exclusions-2.patch
>
>
> For some cases it would be desirable to skip the referrer check altogether for certain resource paths, instead of simply setting "Allow Empty Referrer", thus weakening the security overall instead of only for a well known set of paths for which it would be desirable.
> For this reason i'd like to propose adding a path whitelist to the referrer filter configuration. Patch attached.
--
This message was sent by Atlassian JIRA
(v6.4.14#64029)