You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@lucene.apache.org by "Raphaël Droz (JIRA)" <ji...@apache.org> on 2012/05/24 15:21:55 UTC
[jira] [Created] (SOLR-3485) Make /browse (files and handlers)
dependencies self URL-contained
Raphaël Droz created SOLR-3485:
----------------------------------
Summary: Make /browse (files and handlers) dependencies self URL-contained
Key: SOLR-3485
URL: https://issues.apache.org/jira/browse/SOLR-3485
Project: Solr
Issue Type: Improvement
Components: web gui
Affects Versions: 4.0
Reporter: Raphaël Droz
Priority: Minor
Assuming that /browse may be, now or later, safe for a public use it would be very useful to make it "self-contained" in a given URL pattern in order to allow URL-based access restrictions.
There are 3 issues here :
* static files (css/js/img)
* external handlers like /terms, /clustering
* pattern switch between /browse/* and /collection1/browse/*
I only try to address the 1st issue, in the comment below.
If both /terms and /clustering are safe to be public, then issue 2 may be omitted.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
[jira] [Updated] (SOLR-3485) Make /browse (files and handlers)
dependencies self URL-contained
Posted by "Raphaël Droz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SOLR-3485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Raphaël Droz updated SOLR-3485:
-------------------------------
Attachment: SOLR-3485-browse-static-files-URL-1.patch
patch affects the example configuration :
* changes the location of expected for jquery.autocomplete.* and main.css
* creates the corresponding /browse/file solr.admin.ShowFileRequestHandler.
It makes use of the patch provided in issue #SOLR-1833 in order to provide access to the restricted set of files absolutely needed and explicitly allowed.
> Make /browse (files and handlers) dependencies self URL-contained
> -----------------------------------------------------------------
>
> Key: SOLR-3485
> URL: https://issues.apache.org/jira/browse/SOLR-3485
> Project: Solr
> Issue Type: Improvement
> Components: web gui
> Affects Versions: 4.0
> Reporter: Raphaël Droz
> Priority: Minor
> Attachments: SOLR-3485-browse-static-files-URL-1.patch
>
>
> Assuming that /browse may be, now or later, safe for a public use it would be very useful to make it "self-contained" in a given URL pattern in order to allow URL-based access restrictions.
> There are 3 issues here :
> * static files (css/js/img)
> * external handlers like /terms, /clustering
> * pattern switch between /browse/* and /collection1/browse/*
> I only try to address the 1st issue, in the comment below.
> If both /terms and /clustering are safe to be public, then issue 2 may be omitted.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
[jira] [Comment Edited] (SOLR-3485) Make /browse (files and
handlers) dependencies self URL-contained
Posted by "Raphaël Droz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SOLR-3485?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13282500#comment-13282500 ]
Raphaël Droz edited comment on SOLR-3485 at 5/24/12 1:34 PM:
-------------------------------------------------------------
patch affects the example configuration :
* changes the location of expected for jquery.autocomplete.* and main.css
* creates the corresponding /browse/file solr.admin.ShowFileRequestHandler.
It makes use of the patch provided in issue SOLR-1833 in order to provide access to the restricted set of files absolutely needed and explicitly allowed.
was (Author: drzraf):
patch affects the example configuration :
* changes the location of expected for jquery.autocomplete.* and main.css
* creates the corresponding /browse/file solr.admin.ShowFileRequestHandler.
It makes use of the patch provided in issue #SOLR-1833 in order to provide access to the restricted set of files absolutely needed and explicitly allowed.
> Make /browse (files and handlers) dependencies self URL-contained
> -----------------------------------------------------------------
>
> Key: SOLR-3485
> URL: https://issues.apache.org/jira/browse/SOLR-3485
> Project: Solr
> Issue Type: Improvement
> Components: web gui
> Affects Versions: 4.0
> Reporter: Raphaël Droz
> Priority: Minor
> Attachments: SOLR-3485-browse-static-files-URL-1.patch
>
>
> Assuming that /browse may be, now or later, safe for a public use it would be very useful to make it "self-contained" in a given URL pattern in order to allow URL-based access restrictions.
> There are 3 issues here :
> * static files (css/js/img)
> * external handlers like /terms, /clustering
> * pattern switch between /browse/* and /collection1/browse/*
> I only try to address the 1st issue, in the comment below.
> If both /terms and /clustering are safe to be public, then issue 2 may be omitted.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org
[jira] [Updated] (SOLR-3485) Make /browse (files and handlers)
dependencies self URL-contained
Posted by "Raphaël Droz (JIRA)" <ji...@apache.org>.
[ https://issues.apache.org/jira/browse/SOLR-3485?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Raphaël Droz updated SOLR-3485:
-------------------------------
Comment: was deleted
(was: Not really a blocker but whitelisting allowed files is probably the preferred way.)
> Make /browse (files and handlers) dependencies self URL-contained
> -----------------------------------------------------------------
>
> Key: SOLR-3485
> URL: https://issues.apache.org/jira/browse/SOLR-3485
> Project: Solr
> Issue Type: Improvement
> Components: web gui
> Affects Versions: 4.0
> Reporter: Raphaël Droz
> Priority: Minor
> Attachments: SOLR-3485-browse-static-files-URL-1.patch
>
>
> Assuming that /browse may be, now or later, safe for a public use it would be very useful to make it "self-contained" in a given URL pattern in order to allow URL-based access restrictions.
> There are 3 issues here :
> * static files (css/js/img)
> * external handlers like /terms, /clustering
> * pattern switch between /browse/* and /collection1/browse/*
> I only try to address the 1st issue, in the comment below.
> If both /terms and /clustering are safe to be public, then issue 2 may be omitted.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.apache.org/jira/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@lucene.apache.org
For additional commands, e-mail: dev-help@lucene.apache.org