Carsten Ziegeler created SLING-6794:
---------------------------------------
Summary: Inconsistent handling of default configuration
Key: SLING-6794
URL: https://issues.apache.org/jira/browse/SLING-6794
Project: Sling
Issue Type: Bug
Components: XSS Protection API
Reporter: Carsten Ziegeler
Fix For: XSS Protection API 1.0.20
The XSSFilterImpl has currently an inconsistent handling of default
configurations:
If a login exception for the service resource resolver occurs, there is no
configuration at all - which I think is wrong. The default config should apply
or an exception should be thrown, but I guess applying the default config is
the better option
In addition we might want to reduce the log level from WARN to INFO or even
DEBUG when there is no configuration in the resource tree but the embedded
default is used.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
