[ https://issues.apache.org/jira/browse/SLING-6937?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=16044376#comment-16044376 ]
Dominique Jäggi commented on SLING-6937:
----------------------------------------
After f2f discussions with [~asanso], it was decided to better allow for a list
of regex patterns against which the user agent of the request is matched. If
the user agent matches, the request is considered a no-browser request and thus
the referrer is not checked.
> Referrer Filter: Allow Regex User Agent Exclusions
> --------------------------------------------------
>
> Key: SLING-6937
> URL: https://issues.apache.org/jira/browse/SLING-6937
> Project: Sling
> Issue Type: Improvement
> Components: Extensions
> Affects Versions: Security 1.1.2
> Reporter: Dominique Jäggi
> Attachments: SLING_6937___Referrer_Filter__Allow_Path_Exclusions.patch
>
>
> For some cases it would be desirable to skip the referrer check altogether
> for certain resource paths, instead of simply setting "Allow Empty Referrer",
> thus weakening the security overall instead of only for a well known set of
> paths for which it would be desirable.
> For this reason I'd like to propose adding a path whitelist to the referrer
> filter configuration. Patch attached.
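The user-agent exclusion described in the comment above, as an added Java sketch; it is not code from the Sling project or from the attached patch. The class and method names, the sample patterns and user-agent strings, whole-string matching, and the rejection of empty referrers are all assumptions made for illustration.

```java
import java.net.URI;
import java.util.List;
import java.util.Set;
import java.util.regex.Pattern;
import java.util.stream.Collectors;

// Added sketch, not Sling's ReferrerFilter: every name here is hypothetical.
public class UserAgentExclusionDemo {
    private final List<Pattern> excluded;
    private final Set<String> allowedHosts;

    UserAgentExclusionDemo(List<String> regexes, Set<String> allowedHosts) {
        this.excluded = regexes.stream().map(Pattern::compile).collect(Collectors.toList());
        this.allowedHosts = allowedHosts;
    }

    // True when the user agent matches an exclusion, i.e. a non-browser request.
    boolean isExcluded(String userAgent) {
        if (userAgent == null || userAgent.isEmpty()) {
            return false; // assumption: a missing header never qualifies for exclusion
        }
        // Assumption: whole-string match, so "curl/.*" cannot hit a browser
        // string that merely contains "curl/" somewhere in the middle.
        return excluded.stream().anyMatch(p -> p.matcher(userAgent).matches());
    }

    boolean isAllowed(String userAgent, String referrer) {
        if (isExcluded(userAgent)) {
            return true; // referrer is not checked for excluded user agents
        }
        if (referrer == null) {
            return false; // assumption: empty referrers are not allowed
        }
        try {
            String host = URI.create(referrer).getHost();
            return host != null && allowedHosts.contains(host);
        } catch (IllegalArgumentException e) {
            return false; // unparsable referrer
        }
    }

    public static void main(String[] args) {
        UserAgentExclusionDemo f = new UserAgentExclusionDemo(
                List.of("curl/.*", "MyBatchClient/\\d+\\.\\d+"), Set.of("example.org"));
        String browser = "Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0 curl/fake"; // constructed
        System.out.println(f.isAllowed("curl/7.88.1", null));
        System.out.println(f.isAllowed(browser, "https://other.example/form"));
        System.out.println(f.isAllowed(browser, "https://example.org/page"));
    }
}
```

With whole-string matching, an exclusion pattern only skips the referrer check for user agents it describes completely; a pattern such as `.*`, or substring matching, would also cover browser user agents and turn the check off for them.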