You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@chemistry.apache.org by "Florian Müller (JIRA)" <ji...@apache.org> on 2015/03/03 10:59:04 UTC

[jira] [Commented] (CMIS-893) getRepositories on browser binding repository url

    [ https://issues.apache.org/jira/browse/CMIS-893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14344849#comment-14344849 ] 

Florian Müller commented on CMIS-893:
-------------------------------------

I don't see security implications. If the user can access the repository, he can always call {{http://localhost:8080/browser/something?cmisselector=repositoryInfo}} to get the repository info. This URL must be supported.

The alternative response would be an error message like this:
{code}
{
    "exception": "notSupported",
    "message": "Unknown operation"
}
{code}

I don't think that is less confusing.

> getRepositories on browser binding repository url
> -------------------------------------------------
>
>                 Key: CMIS-893
>                 URL: https://issues.apache.org/jira/browse/CMIS-893
>             Project: Chemistry
>          Issue Type: Bug
>          Components: opencmis-server
>    Affects Versions: OpenCMIS 0.12.0
>            Reporter: Michael Brackx
>            Assignee: Florian Müller
>
> A http get on a repository url returns a getRepositories response.
> This can be confusing and have security implications.
> Example curl:
> {code}
> curl http://localhost:8080/browser/something
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)