You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Timothee Maret (JIRA)" <ji...@apache.org> on 2013/05/13 21:21:16 UTC
[jira] [Created] (SLING-2870) Support allowed hosts patterns in
ReferrerFilter
Timothee Maret created SLING-2870:
-------------------------------------
Summary: Support allowed hosts patterns in ReferrerFilter
Key: SLING-2870
URL: https://issues.apache.org/jira/browse/SLING-2870
Project: Sling
Issue Type: Improvement
Components: Extensions
Affects Versions: Security 1.0.2
Reporter: Timothee Maret
The current "allow.hosts" setting of the ReferrerFilter can be configured with a list of trusted hosts.
In a setup where the list of allowed hosts is expending as the application runs, it becomes tricky to keep the configuration in sync.
As an example, a service which supports wilcard uris such as
{noformat}
<userId>.my.service.com
{noformat}
would be required to modify the reference filter configuration for each user which is hardly doable.
Thus, I would propose to support regex patterns for the list of "allow.hosts". which would still be secure.
The example above would be configured as:
{noformat}
allow.hosts=*.my.service.com
{noformat}
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira