[ https://issues.apache.org/jira/browse/SLING-11871?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Dan Klco updated SLING-11871:
-----------------------------
    Fix Version/s:     (was: Security 1.1.26)

> Referrer Filter - Enable Bypass for Requests with Origin Header
> ---------------------------------------------------------------
>
>                 Key: SLING-11871
>                 URL: https://issues.apache.org/jira/browse/SLING-11871
>             Project: Sling
>          Issue Type: Improvement
>          Components: Sling Security
>    Affects Versions: Security 1.1.24
>            Reporter: Dan Klco
>            Assignee: Dan Klco
>            Priority: Major
>
> The Referrer Filter in Apache Sling Security blocks requests without a
> Referrer or with a non-allow-listed Referrer. Therefore, the Referrer Filter
> will also block external CORS requests which, rather than using the Referrer
> like standard browser requests, use the Origin header.
> We should therefore enable bypassing the ReferrerFilter for requests
> containing an Origin header. These requests would need to be separately
> validated by something else to ensure the Origin is valid.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
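
The behaviour described in the issue, modelled as a small stand-alone decision function. This is an added example, not Apache Sling code and not taken from the issue. The class, method and flag names and the allow-list values are hypothetical. It shows why the bypass is only safe when a separate Origin check sits behind it.

```java
import java.net.URI;
import java.util.Map;
import java.util.Set;

// Added illustration only; every name below is hypothetical, not the Sling API.
public class ReferrerOriginDecision {

    enum Decision { ALLOW, BLOCK, DEFER_TO_ORIGIN_CHECK }

    // Constructed allow-lists for the example.
    static final Set<String> ALLOWED_REFERRER_HOSTS = Set.of("www.example.com");
    static final Set<String> ALLOWED_ORIGINS = Set.of("https://app.example.com");

    // Referrer check as the issue describes it: block when the header is missing
    // or not allow-listed. bypassForOrigin models the proposed improvement.
    // Note: the HTTP header name is spelled "Referer"; keys here are matched exactly.
    static Decision referrerFilter(Map<String, String> headers, boolean bypassForOrigin) {
        if (bypassForOrigin && headers.containsKey("Origin")) {
            return Decision.DEFER_TO_ORIGIN_CHECK; // the filter steps aside, it does not approve
        }
        String referrer = headers.get("Referer");
        if (referrer == null || referrer.isEmpty()) return Decision.BLOCK;
        try {
            String host = URI.create(referrer).getHost();
            boolean ok = host != null && ALLOWED_REFERRER_HOSTS.contains(host);
            return ok ? Decision.ALLOW : Decision.BLOCK;
        } catch (IllegalArgumentException e) {
            return Decision.BLOCK; // unparseable Referer is treated as not allow-listed
        }
    }

    // The separate validation the issue calls for: exact match against an allow-list.
    static boolean originCheck(Map<String, String> headers) {
        String origin = headers.get("Origin");
        return origin != null && ALLOWED_ORIGINS.contains(origin);
    }

    static boolean allowed(Map<String, String> headers, boolean bypassForOrigin) {
        Decision d = referrerFilter(headers, bypassForOrigin);
        return d == Decision.ALLOW
                || (d == Decision.DEFER_TO_ORIGIN_CHECK && originCheck(headers));
    }

    public static void main(String[] args) {
        Map<String, String> cors = Map.of("Origin", "https://app.example.com");
        Map<String, String> unknown = Map.of("Origin", "https://other.example.net");
        Map<String, String> browser = Map.of("Referer", "https://www.example.com/page.html");
        System.out.println("CORS request, bypass off:   " + allowed(cors, false));
        System.out.println("CORS request, bypass on:    " + allowed(cors, true));
        System.out.println("Unknown Origin, bypass on:  " + allowed(unknown, true));
        System.out.println("Browser request, bypass on: " + allowed(browser, true));
    }
}
```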