You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Cris Rockwell (Jira)" <ji...@apache.org> on 2021/09/28 13:51:00 UTC
[jira] [Created] (SLING-10843) Referrer Filter allowance for app://
Cris Rockwell created SLING-10843:
-------------------------------------
Summary: Referrer Filter allowance for app://
Key: SLING-10843
URL: https://issues.apache.org/jira/browse/SLING-10843
Project: Sling
Issue Type: Improvement
Components: Sling Security
Affects Versions: Security 1.1.20
Reporter: Cris Rockwell
Assignee: Cris Rockwell
Sling's ReferrerFilter has this code in the isValidRequest method.
// check for air referrer - which is always allowedif ( referrer.startsWith("app:/") ) { return true;
}
[Sling ReferrerFilter|https://github.com/apache/sling-org-apache-sling-security/blob/master/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java]
There's no need to have app:// as a hard-coded allowance around the Referrer Filter, because applications can configure allow.hosts.regexp to allow AIR referrer if needed.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)