sling-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From romb...@apache.org
Subject [sling-org-apache-sling-security] 11/20: Update default list
Date Tue, 07 Nov 2017 10:12:49 GMT
This is an automated email from the ASF dual-hosted git repository.

rombert pushed a commit to annotated tag org.apache.sling.security-1.0.0
in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git

commit ea48c8c162a689c28ec3e6b8688ff31a95735f4f
Author: Carsten Ziegeler <cziegeler@apache.org>
AuthorDate: Wed Aug 3 16:47:37 2011 +0000

    Update default list
    
    git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1153576
13f79535-47bb-0310-9956-ffa450edef68
---
 src/main/java/org/apache/sling/security/impl/ReferrerFilter.java | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java b/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
index f8ad2ce..704b915 100644
--- a/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
+++ b/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
@@ -125,6 +125,7 @@ public class ReferrerFilter implements Filter {
         referrers.add("https://localhost" + ":0");
         referrers.add("https://127.0.0.1" + ":0");
         referrers.add("https://[::1]" + ":0");
+        referrers.add("https://[::1]" + ":0");
         return referrers;
     }
 
@@ -267,6 +268,10 @@ public class ReferrerFilter implements Filter {
         if ( referrer.indexOf(":/") == - 1 ) {
             return true;
         }
+        // check for air referrer - which is always allowed
+        if ( referrer.startsWith("app:/") ) {
+            return true;
+        }
 
         final HostInfo info = getHost(referrer);
         if ( info == null ) {

-- 
To stop receiving notification emails like this one, please contact
"commits@sling.apache.org" <commits@sling.apache.org>.

Mime
View raw message