Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 10:13:02 UTC

[sling-org-apache-sling-security] 03/30: SLING-2198 - allowing request if the referrer host name matches the request host name (also, internalizing the PropertiesUtil class for compatibility purposes)

This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to annotated tag org.apache.sling.security-1.0.10
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git

commit d87917c332f1e40b273cf6abee2f584897e47a2a
Author: Justin Edelson <ju...@apache.org>
AuthorDate: Wed Aug 31 15:12:00 2011 +0000

    SLING-2198 - allowing request if the referrer host name matches the request host name (also, internalizing the PropertiesUtil class for compatibility purposes)
    
    git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1163660 13f79535-47bb-0310-9956-ffa450edef68
---
 pom.xml                                                          | 3 +++
 src/main/java/org/apache/sling/security/impl/ReferrerFilter.java | 6 ++++++
 2 files changed, 9 insertions(+)

diff --git a/pom.xml b/pom.xml
index 7098fd6..3dcda90 100644
--- a/pom.xml
+++ b/pom.xml
@@ -58,6 +58,9 @@
                 <configuration>
                     <instructions>
                         <Bundle-Category>sling</Bundle-Category>
+                        <Embed-Dependency>
+                            org.apache.sling.commons.osgi;inline=org/apache/sling/commons/osgi/PropertiesUtil.*
+                        </Embed-Dependency>
                         <Private-Package>
                             org.apache.sling.security.impl
                         </Private-Package>
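Review bot: The new `Embed-Dependency` instruction has no comment saying why `PropertiesUtil` is inlined; the reason ("compatibility purposes") appears only in the commit message. Inlined classes are copied into this bundle at build time, so later fixes to `org.apache.sling.commons.osgi` do not reach the embedded copy until this bundle is rebuilt against a newer version. Suggest adding a comment above the element, for example `<!-- PropertiesUtil is inlined for compatibility with deployments whose commons.osgi bundle does not provide it; revisit when the minimum version is raised -->`, with the wording adjusted to the actual compatibility reason.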
diff --git a/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java b/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
index ddb4ca1..0302ac7 100644
--- a/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
+++ b/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
@@ -282,6 +282,12 @@ public class ReferrerFilter implements Filter {
             return false;
         }
 
+        // allow the request if the host name of the referrer is
+        // the same as the request's host name
+        if ( info.host.equals(request.getServerName()) ) {
+            return true;
+        }
+
         boolean valid = false;
         for(final URL ref : this.allowedReferrers) {
             if ( info.host.equals(ref.getHost()) && info.scheme.equals(ref.getProtocol()) ) {
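Review bot: The added same-host shortcut compares only `info.host` with `request.getServerName()`, while the allowed-referrer loop just below it also requires `info.scheme.equals(ref.getProtocol())`, so a referrer on the same host name but a different scheme or port is accepted without being in the configured list. In most servlet containers `getServerName()` is derived from the request's Host header, so this check is only as reliable as Host validation in the container or front-end proxy. That dependency is worth stating in the comment. Consider `if ( info.host.equalsIgnoreCase(request.getServerName()) && info.scheme.equals(request.getScheme()) ) {`, provided the scheme the container sees matches the one the client used (it may not behind a TLS-terminating proxy). The enclosing method starts and ends outside the hunk, so whether `info.host` can be null at this point is not visible here.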
