+1
> -----Original Message----- > From: maret.timot...@gmail.com [mailto:maret.timot...@gmail.com] On Behalf Of > Timothée Maret > Sent: 13 May 2013 11:09 > To: dev@sling.apache.org > Subject: Support allowed hosts patterns in ReferrerFilter > > Hi, > > The current "allow.hosts" setting of the ReferrerFilter can be configured > with a list of trusted hosts. > In a setup where the list of allowed hosts is expending as the application > runs, it becomes tricky to keep the configuration in sync. > As an example, a service which supports wilcard uris such as <userId>. > my.service.com would be required to modify the reference filter > configuration for each user which is hardly doable. > > Thus, I would propose to support regex patterns for the list of > "allow.hosts". which would still be secure. > > The example above would be configured as: > allow.hosts=*.my.service.com > > wdyt ? > > Regards, > > Timothee.
