[jira] [Created] (SLING-4469) SlingPostServlet: do not allow redirects to other hosts

Konrad Windszus (JIRA) Tue, 03 Mar 2015 00:49:09 -0800

Konrad Windszus created SLING-4469:
--------------------------------------

             Summary: SlingPostServlet: do not allow redirects to other hosts
                 Key: SLING-4469
                 URL: https://issues.apache.org/jira/browse/SLING-4469
             Project: Sling
          Issue Type: Improvement
    Affects Versions: Servlets Post 2.3.6
            Reporter: Konrad Windszus
            Assignee: Konrad Windszus



Through the {{:redirect}} parameter of the {{SlingPostServlet}} arbitrary 
redirects are possible 
(http://sling.apache.org/documentation/bundles/manipulating-content-the-slingpostservlet-servlets-post.html#redirect).
 That should be limited so that redirects to other servers are not possible.
Compare also with discussion at: 
http://www.mail-archive.com/dev@sling.apache.org/msg43348.html.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

[jira] [Created] (SLING-4469) SlingPostServlet: do not allow redirects to other hosts

Reply via email to