[
https://issues.apache.org/jira/browse/KNOX-2655?focusedWorklogId=673208&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-673208
]
ASF GitHub Bot logged work on KNOX-2655:
----------------------------------------
Author: ASF GitHub Bot
Created on: 02/Nov/21 14:56
Start Date: 02/Nov/21 14:56
Worklog Time Spent: 10m
Work Description: lmccay merged pull request #514:
URL: https://github.com/apache/knox/pull/514
--
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
To unsubscribe, e-mail: dev-unsubscr...@knox.apache.org
For queries about this service, please contact Infrastructure at:
us...@infra.apache.org
Issue Time Tracking
-------------------
Worklog Id: (was: 673208)
Time Spent: 1h 10m (was: 1h)
> Disallow Userinfo in KnoxSSO originalURL Query Param
> ----------------------------------------------------
>
> Key: KNOX-2655
> URL: https://issues.apache.org/jira/browse/KNOX-2655
> Project: Apache Knox
> Issue Type: Improvement
> Components: KnoxSSO
> Reporter: Larry McCay
> Priority: Major
> Fix For: 2.0.0
>
> Time Spent: 1h 10m
> Remaining Estimate: 0h
>
> There is no valid reason that I can think of to allow userinfo in a URL for
> an application/UI that is participating in KnoxSSO. The userinfo is used to
> login to hosts/pages that are protected by HTTP Basic. This is contradictory
> to the use of KnoxSSO to begin with and complicates the regex pattern
> required to indicate those URLs that are allowed for redirect and/or dispatch.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
