Dan Klco created SLING-11871:
--------------------------------

             Summary: Referrer Filter - Enable Bypass for Requests with Origin Header
                 Key: SLING-11871
                 URL: https://issues.apache.org/jira/browse/SLING-11871
             Project: Sling
          Issue Type: Improvement
          Components: Sling Security
    Affects Versions: Security 1.1.24
            Reporter: Dan Klco
            Assignee: Dan Klco
             Fix For: Security 1.1.26

The Referrer Filter in Apache Sling Security blocks requests without a Referrer or with a non-allow-listed Referrer. Therefore, the Referrer Filter will also block external CORS requests, which, rather than using the Referrer like standard browser requests, use the Origin header.

We should therefore enable bypassing the ReferrerFilter for requests containing an Origin header. These requests would need to be separately validated by something else to ensure the Origin is valid.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)
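
The decision flow described in this issue, as an added example that is not part of the original message and is not Sling's ReferrerFilter code. The class name, the allow-listed hosts and origins, and the bypass flag are assumptions made for illustration; the sample requests are constructed.

```java
import java.net.URI;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

// Hypothetical model of the behaviour described in the issue (plain JDK, no Sling API).
// Header names are matched exactly here; a real filter must treat them case-insensitively.
public class ReferrerBypassModel {
    enum Decision { ALLOW, BLOCK, DEFER_TO_ORIGIN_CHECK }

    // Assumed allow-lists, constructed for this example.
    static final Set<String> ALLOWED_REFERRER_HOSTS = Set.of("author.example.com");
    static final Set<String> ALLOWED_ORIGINS = Set.of("https://app.example.org");

    // Referrer check: block a missing or non-allow-listed Referrer. With the bypass
    // enabled, a request carrying an Origin header skips this check entirely.
    static Decision referrerFilter(Map<String, String> headers, boolean bypassForOrigin) {
        if (bypassForOrigin && headers.containsKey("Origin")) return Decision.DEFER_TO_ORIGIN_CHECK;
        String referrer = headers.get("Referer");
        if (referrer == null || referrer.isEmpty()) return Decision.BLOCK;
        try {
            String host = URI.create(referrer).getHost();
            boolean listed = host != null
                    && ALLOWED_REFERRER_HOSTS.contains(host.toLowerCase(Locale.ROOT));
            return listed ? Decision.ALLOW : Decision.BLOCK;
        } catch (IllegalArgumentException e) {
            return Decision.BLOCK; // unparseable Referrer is treated as not allow-listed
        }
    }

    // The separate validation the issue calls for: exact match on scheme, host and port.
    static boolean originAllowed(Map<String, String> headers) {
        String origin = headers.get("Origin");
        return origin != null && ALLOWED_ORIGINS.contains(origin);
    }

    // A bypassed request is accepted only if the Origin check also passes.
    static boolean accept(Map<String, String> headers, boolean bypassForOrigin) {
        Decision d = referrerFilter(headers, bypassForOrigin);
        return d == Decision.ALLOW || (d == Decision.DEFER_TO_ORIGIN_CHECK && originAllowed(headers));
    }

    public static void main(String[] args) {
        // Constructed requests: allow-listed CORS origin, unknown origin, browser request with Referrer.
        for (Map<String, String> h : List.of(
                Map.of("Origin", "https://app.example.org"),
                Map.of("Origin", "https://other.example.net"),
                Map.of("Referer", "https://author.example.com/editor.html"))) {
            System.out.println(h + " bypass=off:" + accept(h, false) + " bypass=on:" + accept(h, true));
        }
    }
}
```

If the bypass is enabled and nothing performs the check modelled by originAllowed, any request that carries an Origin header passes unchecked, which is why the issue pairs the bypass with separate Origin validation.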