to: +
resource, ioe);
}
// terminate request, all done
result = true;
}
--
View this message in context:
http://apache-sling.73963.n3.nabble.com/Sling-redirect-as-a-security-vulnerability-tp4031637p4031741
.73963.n3.nabble.com/Sling-redirect-as-a-security-vulnerability-tp4031637p4031741.html
Sent from the Sling - Users mailing list archive at Nabble.com.
We're reviewing our recent security scans and we had a red flag on the usage of
:redirect in our forms. It's being flagged as a potential attack vector as
you can set this to any url.
So knowing that these reports are indicators of potential problems and not
always valid. I wanted to get some
If you're using the Sling security bundle, the referrer is checked for POST
requests which should give you enough protection.
Carsten
2014-03-04 17:43 GMT+01:00 Jason Bailey jason.bai...@sas.com:
We're reviewing our recent security scans and we had a red flag on the
usage of :redirect in our