[
https://issues.apache.org/jira/browse/SLING-6708?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15940614#comment-15940614
]
Roy Teeuwen commented on SLING-6708:
------------------------------------
Indeed, this is more of a problem related to the AEM dispatcher itself instead
of this module
> Sling Dynamic Include - Usage of nocache selector allows uncached access to
> everything
> --------------------------------------------------------------------------------------
>
> Key: SLING-6708
> URL: https://issues.apache.org/jira/browse/SLING-6708
> Project: Sling
> Issue Type: Bug
> Components: Extensions
> Affects Versions: Dynamic Include 3.0.0, Dynamic Include 3.0.2
> Reporter: Henry Kuijpers
> Priority: Blocker
>
> The SDI module works with a nocache-selector (or a selector that we
> arbitrarily choose).
> However, we cannot guarantee that only SDI's requests come in through the
> nocache-selector. It can be any request.
> This document says https://github.com/Cognifide/Sling-Dynamic-Include
> that we should configure the Dispatcher to not cache when
> {code}*.nocache.html*{code} can be applied to the request.
> This means that anyone can use the nocache-selector on any request to bypass
> Dispatcher caching for html files.
> It even means that ".nocache.html" can appear anywhere in the full request
> URL.
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
