[jira] [Resolved] (SLING-6937) Referrer Filter: Allow Regex User Agent Exclusions

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view
Report Content as Inappropriate

[jira] [Resolved] (SLING-6937) Referrer Filter: Allow Regex User Agent Exclusions

JIRA jira@apache.org

     [ https://issues.apache.org/jira/browse/SLING-6937?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Antonio Sanso resolved SLING-6937.
       Resolution: Fixed
    Fix Version/s: Security 1.1.4

fix in rev. r1784271 Thanks a lot [~djaeggi] for the patch. Thanks

> Referrer Filter: Allow Regex User Agent Exclusions
> --------------------------------------------------
>                 Key: SLING-6937
>                 URL: https://issues.apache.org/jira/browse/SLING-6937
>             Project: Sling
>          Issue Type: Improvement
>          Components: Extensions
>    Affects Versions: Security 1.1.2
>            Reporter: Dominique Jäggi
>            Assignee: Antonio Sanso
>             Fix For: Security 1.1.4
>         Attachments: _SLING_6937___Referrer_Filter__Allow_Path_Exclusions-2.patch
> For some cases it would be desirable to skip the referrer check altogether for certain resource paths, instead of simply setting "Allow Empty Referrer", thus weakening the security overall instead of only for a well known set of paths for which it would be desirable.
> For this reason i'd like to propose adding a path whitelist to the referrer filter configuration. Patch attached.

This message was sent by Atlassian JIRA