Henry Kuijpers created SLING-6708:
-------------------------------------
Summary: Sling Dynamic Include - Usage of nocache selector allows
uncached access to everything
Key: SLING-6708
URL: https://issues.apache.org/jira/browse/SLING-6708
Project: Sling
Issue Type: Bug
Components: Extensions
Affects Versions: Dynamic Include 3.0.0, Dynamic Include 3.0.2
Reporter: Henry Kuijpers
Priority: Blocker
The SDI module works with a nocache-selector (or a selector that we arbitrarily
choose).
However, we cannot guarantee that only SDI's requests come in through the
nocache-selector. It can be any request.
This document says https://github.com/Cognifide/Sling-Dynamic-Include
that we should configure the Dispatcher to not cache when *.nocache.html* can
be applied to the request.
This means that anyone can use the nocache-selector on any request to bypass
Dispatcher caching for html files.
It even means that ".nocache.html" can appear anywhere in the full request URL.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
