You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@sling.apache.org by "Felix Meschberger (Created) (JIRA)" <ji...@apache.org> on 2011/12/04 13:57:40 UTC

[jira] [Created] (SLING-2317) Don't call AuthenticationHandler.requestCredentials method on Ajax requests

Don't call AuthenticationHandler.requestCredentials method on Ajax requests
---------------------------------------------------------------------------

                 Key: SLING-2317
                 URL: https://issues.apache.org/jira/browse/SLING-2317
             Project: Sling
          Issue Type: Improvement
          Components: Authentication
    Affects Versions: Auth Core 1.0.6
            Reporter: Felix Meschberger
            Assignee: Felix Meschberger
             Fix For: Auth Core 1.1.0


When handling Ajax requests from browsers, requesting credentials is not appropriate. The Sling Authenticator should not request credentials for Ajax requests but instead just fail the request with 403/FORBIDDEN.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Resolved] (SLING-2317) Don't call AuthenticationHandler.requestCredentials method on Ajax requests

Posted by "Felix Meschberger (Resolved) (JIRA)" <ji...@apache.org>.

     [ https://issues.apache.org/jira/browse/SLING-2317?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Felix Meschberger resolved SLING-2317.
--------------------------------------

       Resolution: Invalid
    Fix Version/s:     (was: Auth Core 1.1.0)

This is already the case. Nothing to do.
                
> Don't call AuthenticationHandler.requestCredentials method on Ajax requests
> ---------------------------------------------------------------------------
>
>                 Key: SLING-2317
>                 URL: https://issues.apache.org/jira/browse/SLING-2317
>             Project: Sling
>          Issue Type: Improvement
>          Components: Authentication
>    Affects Versions: Auth Core 1.0.6
>            Reporter: Felix Meschberger
>            Assignee: Felix Meschberger
>
> When handling Ajax requests from browsers, requesting credentials is not appropriate. The Sling Authenticator should not request credentials for Ajax requests but instead just fail the request with 403/FORBIDDEN.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira