[jira] [Commented] (SLING-2141) Add a way to check the referrer for modification requests

Tobias Bocanegra (JIRA) Fri, 15 Jul 2011 08:00:23 -0700

    [ 
https://issues.apache.org/jira/browse/SLING-2141?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13065985#comment-13065985
 ]


Tobias Bocanegra commented on SLING-2141:
-----------------------------------------

the localhost check should also include IPv6 address:
   if ( "localhost".equals(host) || "127.0.0.1".equals(host) )

> Add a way to check the referrer for modification requests
> ---------------------------------------------------------
>
>                 Key: SLING-2141
>                 URL: https://issues.apache.org/jira/browse/SLING-2141
>             Project: Sling
>          Issue Type: New Feature
>          Components: Extensions
>            Reporter: Carsten Ziegeler
>            Assignee: Carsten Ziegeler
>             Fix For: Security 1.0.0
>
>
> To prevent CSRF we could add an additional module which checks the referrer 
> (referer header) in combination with a configurable whitelist.

--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Commented] (SLING-2141) Add a way to check the referrer for modification requests

Reply via email to