You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@sling.apache.org by "Robert Munteanu (JIRA)" <ji...@apache.org> on 2018/10/19 14:17:00 UTC
[jira] [Closed] (SLING-7938) Add an option to prefer sending the
reason_code as a request parameter over the reason text when redirecting to
the login page
[ https://issues.apache.org/jira/browse/SLING-7938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Robert Munteanu closed SLING-7938.
----------------------------------
> Add an option to prefer sending the reason_code as a request parameter over the reason text when redirecting to the login page
> ------------------------------------------------------------------------------------------------------------------------------
>
> Key: SLING-7938
> URL: https://issues.apache.org/jira/browse/SLING-7938
> Project: Sling
> Issue Type: Improvement
> Components: Authentication
> Affects Versions: Form Based Authentication 1.0.10
> Reporter: Eric Norman
> Assignee: Eric Norman
> Priority: Major
> Fix For: Form Based Authentication 1.0.12
>
>
> Add a config option to the form authentication handler to prefer sending the reason_code as a request parameter instead of the reason text when redirecting to the login page.
> Sending the reason code as a request parameter should be safer, especially if your custom login page was echoing the reason text to the screen. The custom login page script can then calculate the reason text to show in the UI by matching the reason codes against the well-known failure reason codes and fallback to some default reason text for anything invalid.
>
>
--
This message was sent by Atlassian JIRA
(v7.6.3#76005)