You are viewing a plain text version of this content. The canonical link for it is here.

Posted to commits@sling.apache.org by ro...@apache.org on 2017/11/07 10:12:49 UTC

[sling-org-apache-sling-security] 11/20: Update default list

This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to annotated tag org.apache.sling.security-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git

commit ea48c8c162a689c28ec3e6b8688ff31a95735f4f
Author: Carsten Ziegeler <cz...@apache.org>
AuthorDate: Wed Aug 3 16:47:37 2011 +0000

    Update default list
    
    git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1153576 13f79535-47bb-0310-9956-ffa450edef68
---
 src/main/java/org/apache/sling/security/impl/ReferrerFilter.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java b/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
index f8ad2ce..704b915 100644
--- a/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
+++ b/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
@@ -125,6 +125,7 @@ public class ReferrerFilter implements Filter {
         referrers.add("https://localhost" + ":0");
         referrers.add("https://127.0.0.1" + ":0");
         referrers.add("https://[::1]" + ":0");
+        referrers.add("https://[::1]" + ":0");
         return referrers;
     }
 
@@ -267,6 +268,10 @@ public class ReferrerFilter implements Filter {
         if ( referrer.indexOf(":/") == - 1 ) {
             return true;
         }
+        // check for air referrer - which is always allowed
+        if ( referrer.startsWith("app:/") ) {
+            return true;
+        }
 
         final HostInfo info = getHost(referrer);
         if ( info == null ) {

-- 
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <co...@sling.apache.org>.