Dan Klco created SLING-11871:
--------------------------------
Summary: Referrer Filter - Enable Bypass for Requests with Origin Header
Key: SLING-11871
URL: https://issues.apache.org/jira/browse/SLING-11871
Project: Sling
Issue Type: Improvement
Components: Sling Security
Affects Versions: Security 1.1.24
Reporter: Dan Klco
Assignee: Dan Klco
Fix For: Security 1.1.26

The Referrer Filter in Apache Sling Security blocks requests without a Referrer
or with a non-allow-listed Referrer. Therefore, the Referrer Filter will also block
external CORS requests which, rather than using the Referrer like standard
browser requests, use the Origin header.

We should therefore enable bypassing the ReferrerFilter for requests containing
an Origin header. These requests would need to be separately validated by
something else to ensure the Origin is valid.
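
The decision flow proposed above, sketched as an added example (not code from the issue or from Apache Sling): with the bypass on, a request carrying an Origin header skips the Referrer check and is accepted only if a separate Origin allow-list admits it. The class, method names, bypass flag and both allow-lists are hypothetical.

```java
import java.net.URI;
import java.util.*;

// Added illustration only; not Sling's ReferrerFilter. Names and hosts are hypothetical.
public class OriginBypassDemo {
    static final Set<String> ALLOWED_REFERRER_HOSTS = Set.of("app.example.com");
    static final Set<String> ALLOWED_ORIGINS = Set.of("https://partner.example.org");

    // Referrer check as the issue describes it: block when the header is missing
    // or its host is not allow-listed. The HTTP header itself is spelled "Referer".
    static boolean referrerAllows(Map<String, String> headers) {
        String referer = headers.get("Referer");
        if (referer == null) return false;
        try {
            String host = URI.create(referer).getHost();
            return host != null && ALLOWED_REFERRER_HOSTS.contains(host.toLowerCase(Locale.ROOT));
        } catch (IllegalArgumentException e) {
            return false; // unparseable value counts as not allow-listed
        }
    }

    // The separate validation the issue calls for: exact match on an origin allow-list.
    static boolean originAllows(Map<String, String> headers) {
        String origin = headers.get("Origin");
        return origin != null && ALLOWED_ORIGINS.contains(origin);
    }

    static boolean allow(Map<String, String> headers, boolean bypassForOrigin) {
        if (bypassForOrigin && headers.containsKey("Origin")) {
            return originAllows(headers); // Referrer check skipped, so Origin must be vetted
        }
        return referrerAllows(headers);
    }

    // Header names are case-insensitive.
    static Map<String, String> headers(String name, String value) {
        Map<String, String> m = new TreeMap<>(String.CASE_INSENSITIVE_ORDER);
        m.put(name, value);
        return m;
    }

    public static void main(String[] args) {
        // Constructed sample requests.
        System.out.println("allow-listed Referer: " + allow(headers("Referer", "https://app.example.com/a.html"), true));
        System.out.println("CORS, bypass off:     " + allow(headers("Origin", "https://partner.example.org"), false));
        System.out.println("CORS, bypass on:      " + allow(headers("Origin", "https://partner.example.org"), true));
        System.out.println("unlisted Origin:      " + allow(headers("Origin", "https://unlisted.example.net"), true));
    }
}
```

If `originAllows` were dropped from the bypass branch, every request with an Origin header would pass, which is why the issue pairs the bypass with separate Origin validation.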