[ https://issues.apache.org/jira/browse/SLING-3203?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Bertrand Delacretaz resolved SLING-3203.
----------------------------------------
       Resolution: Fixed
    Fix Version/s: Servlets Post 2.3.4
         Assignee: Bertrand Delacretaz

Implemented in http://svn.apache.org/r1560342 , with integration test.

POST :delete now returns 403 with a descriptive message if the request includes selectors, extension or suffix.

All integration tests pass.

> Post servlet's delete operation deletes parent of nonexisting node
> ------------------------------------------------------------------
>
>                 Key: SLING-3203
>                 URL: https://issues.apache.org/jira/browse/SLING-3203
>             Project: Sling
>          Issue Type: Bug
>          Components: Servlets
>    Affects Versions: Servlets Post 2.3.2
>            Reporter: Bertrand Delacretaz
>            Assignee: Bertrand Delacretaz
>             Fix For: Servlets Post 2.3.4
>
>         Attachments: SLING-3203.patch
>
>
> In the below scenario, /tmp/test is gone after the delete operation - the
> resource resolver goes up the path of the nonexisting node, and it's
> /tmp/test that's provided to the DeleteOperation.
> I think we should change this (maybe with a backwards compatibility switch),
> as it's clear that the user's intention in this case is not to delete
> /tmp/test. Maybe just reject :delete operations if the request has any
> selector or extensions.
> curl -u admin:admin -X POST http://localhost:8080/tmp/test/some.node
> curl -u admin:admin http://localhost:8080/tmp/test.tidy.2.json # looks good
> curl -u admin:admin -F:operation=delete http://localhost:8080/tmp/test.other/nothing
> curl -u admin:admin http://localhost:8080/tmp/test.tidy.2.json # 404
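
The path resolution behind this report and the guard described in the resolution, as an added example that is not part of the original message and not Sling's code: a simplified, JDK-only Java (16+) model of how the request URL is split into resource path, selectors, extension and suffix. The class, the `PathInfo` record, the method names and the in-memory `EXISTING` set are assumptions made for illustration.

```java
import java.util.Set;

// Simplified model of Sling URL decomposition plus a :delete guard (illustration, not Sling code).
public class DeleteGuardDemo {

    // Hypothetical type mirroring the parts Sling exposes through RequestPathInfo.
    record PathInfo(String resourcePath, String selectors, String extension, String suffix) {
        boolean namesResourceExactly() {
            return selectors == null && extension == null && suffix == null;
        }
    }

    // Constructed repository content: the state after the first curl call in the report.
    static final Set<String> EXISTING = Set.of("/tmp", "/tmp/test", "/tmp/test/some.node");

    // The longest existing prefix that ends at a dot is the resource; the rest is split up.
    static PathInfo decompose(String url) {
        if (EXISTING.contains(url)) {
            return new PathInfo(url, null, null, null);
        }
        for (int dot = url.lastIndexOf('.'); dot > 0; dot = url.lastIndexOf('.', dot - 1)) {
            String candidate = url.substring(0, dot);
            if (!EXISTING.contains(candidate)) {
                continue;
            }
            String rest = url.substring(dot + 1);              // "other/nothing"
            int slash = rest.indexOf('/');
            String dotted = slash < 0 ? rest : rest.substring(0, slash);
            String suffix = slash < 0 ? null : rest.substring(slash);
            int lastDot = dotted.lastIndexOf('.');
            String selectors = lastDot < 0 ? null : dotted.substring(0, lastDot);
            String extension = lastDot < 0 ? dotted : dotted.substring(lastDot + 1);
            return new PathInfo(candidate, selectors, extension, suffix);
        }
        return new PathInfo(url, null, null, null);            // no existing ancestor matched
    }

    public static void main(String[] args) {
        String[] urls = {"/tmp/test.other/nothing", "/tmp/test.tidy.2.json", "/tmp/test/some.node"};
        for (String url : urls) {
            PathInfo info = decompose(url);
            // Before the fix the operation acted on resourcePath; the guard answers 403 instead.
            String guarded = info.namesResourceExactly() ? "delete " + info.resourcePath() : "403";
            System.out.println(url + " -> " + info + " | unguarded: delete "
                    + info.resourcePath() + " | guarded: " + guarded);
        }
    }
}
```

The third URL shows why the guard has to test the decomposed parts rather than look for a dot in the URL: `/tmp/test/some.node` contains a dot but names an existing resource exactly, so it is not rejected.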