sling-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy Teeuwen (JIRA)" <j...@apache.org>
Subject [jira] [Commented] (SLING-6708) Sling Dynamic Include - Usage of nocache selector allows uncached access to everything
Date Fri, 24 Mar 2017 15:59:41 GMT

    [ https://issues.apache.org/jira/browse/SLING-6708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15940614#comment-15940614
] 

Roy Teeuwen commented on SLING-6708:
------------------------------------

Indeed, this is more of a problem related to the AEM dispatcher itself instead of this module

> Sling Dynamic Include - Usage of nocache selector allows uncached access to everything
> --------------------------------------------------------------------------------------
>
>                 Key: SLING-6708
>                 URL: https://issues.apache.org/jira/browse/SLING-6708
>             Project: Sling
>          Issue Type: Bug
>          Components: Extensions
>    Affects Versions: Dynamic Include 3.0.0, Dynamic Include 3.0.2
>            Reporter: Henry Kuijpers
>            Priority: Blocker
>
> The SDI module works with a nocache-selector (or a selector that we arbitrarily choose).
> However, we cannot guarantee that only SDI's requests come in through the nocache-selector.
It can be any request.
> This document says https://github.com/Cognifide/Sling-Dynamic-Include
> that we should configure the Dispatcher to not cache when {code}*.nocache.html*{code}
can be applied to the request.
> This means that anyone can use the nocache-selector on any request to bypass Dispatcher
caching for html files.
> It even means that ".nocache.html" can appear anywhere in the full request URL.



--
This message was sent by Atlassian JIRA
(v6.3.15#6346)

Mime
View raw message