[
https://issues.apache.org/jira/browse/SLING-53?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel#action_12553455
]
Roy T. Fielding commented on SLING-53:
--------------------------------------
This needs to be very well documented. Some companies will consider it to be a
security hole
and will need a way to turn it off (globally).
It also must be limited to POST requests. In other words, nobody can tunnel a
state-changing
operation through GET.
> Add request filter for method overwrite
> ---------------------------------------
>
> Key: SLING-53
> URL: https://issues.apache.org/jira/browse/SLING-53
> Project: Sling
> Issue Type: New Feature
> Components: Core, microsling
> Reporter: Felix Meschberger
> Fix For: 2.0.0
>
>
> To allow for method overwrite I suggest to add a request processing Filter
> along the lines of the Abdera MethodOverWriteFilter [1] as stipulated by Roy
> in [2].
> [1]
> http://svn.apache.org/viewvc/incubator/abdera/java/trunk/server/src/main/java/org/apache/abdera/protocol/server/servlet/MethodOverrideFilter.java?view=markup&pathrev=510085
> [2] http://www.mail-archive.com/sling-dev@incubator.apache.org/msg00355.html
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
