Posted to dev@chemistry.apache.org by "Florian Müller (JIRA)" <ji...@apache.org> on 2015/03/03 10:59:04 UTC
[jira] [Commented] (CMIS-893) getRepositories on browser binding repository url
[ https://issues.apache.org/jira/browse/CMIS-893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14344849#comment-14344849 ]
Florian Müller commented on CMIS-893:
-------------------------------------
I don't see security implications. If the user can access the repository, he can always call {{http://localhost:8080/browser/something?cmisselector=repositoryInfo}} to get the repository info. This URL must be supported.
The alternative response would be an error message like this:
{code}
{
  "exception": "notSupported",
  "message": "Unknown operation"
}
{code}
I don't think that is less confusing.
> getRepositories on browser binding repository url
> -------------------------------------------------
>
> Key: CMIS-893
> URL: https://issues.apache.org/jira/browse/CMIS-893
> Project: Chemistry
> Issue Type: Bug
> Components: opencmis-server
> Affects Versions: OpenCMIS 0.12.0
> Reporter: Michael Brackx
> Assignee: Florian Müller
>
> An HTTP GET on a repository URL returns a getRepositories response.
> This can be confusing and have security implications.
> Example curl:
> {code}
> curl http://localhost:8080/browser/something
> {code}