[
https://issues.apache.org/jira/browse/CMIS-893?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=14344849#comment-14344849
]
Florian Müller commented on CMIS-893:
-------------------------------------
I don't see security implications. If the user can access the repository, he
can always call
{{http://localhost:8080/browser/something?cmisselector=repositoryInfo}} to get
the repository info. This URL must be supported.
The alternative response would be an error message like this:
{code}
{
"exception": "notSupported",
"message": "Unknown operation"
}
{code}
I don't think that is less confusing.
> getRepositories on browser binding repository url
> -------------------------------------------------
>
> Key: CMIS-893
> URL: https://issues.apache.org/jira/browse/CMIS-893
> Project: Chemistry
> Issue Type: Bug
> Components: opencmis-server
> Affects Versions: OpenCMIS 0.12.0
> Reporter: Michael Brackx
> Assignee: Florian Müller
>
> A http get on a repository url returns a getRepositories response.
> This can be confusing and have security implications.
> Example curl:
> {code}
> curl http://localhost:8080/browser/something
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
