Hi Timothée, Sounds reasonable, can you create a Jira issue and maybe provide a patch?
Thanks Carsten 2013/5/13 Jeff Young <j...@adobe.com> > +1 > > > -----Original Message----- > > From: maret.timot...@gmail.com [mailto:maret.timot...@gmail.com] On > Behalf Of > > Timothée Maret > > Sent: 13 May 2013 11:09 > > To: dev@sling.apache.org > > Subject: Support allowed hosts patterns in ReferrerFilter > > > > Hi, > > > > The current "allow.hosts" setting of the ReferrerFilter can be configured > > with a list of trusted hosts. > > In a setup where the list of allowed hosts is expending as the > application > > runs, it becomes tricky to keep the configuration in sync. > > As an example, a service which supports wilcard uris such as <userId>. > > my.service.com would be required to modify the reference filter > > configuration for each user which is hardly doable. > > > > Thus, I would propose to support regex patterns for the list of > > "allow.hosts". which would still be secure. > > > > The example above would be configured as: > > allow.hosts=*.my.service.com > > > > wdyt ? > > > > Regards, > > > > Timothee. > -- Carsten Ziegeler cziege...@apache.org