You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Felix Meschberger (Created) (JIRA)" <ji...@apache.org> on 2011/12/04 13:57:40 UTC
[jira] [Created] (SLING-2317) Don't call
AuthenticationHandler.requestCredentials method on Ajax requests
Don't call AuthenticationHandler.requestCredentials method on Ajax requests
---------------------------------------------------------------------------
Key: SLING-2317
URL: https://issues.apache.org/jira/browse/SLING-2317
Project: Sling
Issue Type: Improvement
Components: Authentication
Affects Versions: Auth Core 1.0.6
Reporter: Felix Meschberger
Assignee: Felix Meschberger
Fix For: Auth Core 1.1.0
When handling Ajax requests from browsers, requesting credentials is not appropriate. The Sling Authenticator should not request credentials for Ajax requests but instead just fail the request with 403/FORBIDDEN.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
[jira] [Resolved] (SLING-2317) Don't call
AuthenticationHandler.requestCredentials method on Ajax requests
Posted by "Felix Meschberger (Resolved) (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SLING-2317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Felix Meschberger resolved SLING-2317.
--------------------------------------
Resolution: Invalid
Fix Version/s: (was: Auth Core 1.1.0)
This is already the case. Nothing to do.
> Don't call AuthenticationHandler.requestCredentials method on Ajax requests
> ---------------------------------------------------------------------------
>
> Key: SLING-2317
> URL: https://issues.apache.org/jira/browse/SLING-2317
> Project: Sling
> Issue Type: Improvement
> Components: Authentication
> Affects Versions: Auth Core 1.0.6
> Reporter: Felix Meschberger
> Assignee: Felix Meschberger
>
> When handling Ajax requests from browsers, requesting credentials is not appropriate. The Sling Authenticator should not request credentials for Ajax requests but instead just fail the request with 403/FORBIDDEN.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira