This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.security-1.0.0 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit 33f03e3a799c61ef00b4dfd2c9aed6942a2aad81
Author: Justin Edelson <[email protected]>
AuthorDate: Wed Aug 31 15:12:00 2011 +0000
SLING-2198 - allowing request if the referrer host name matches the request host name (also, internalizing the PropertiesUtil class for compatibility purposes)
git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1163660 13f79535-47bb-0310-9956-ffa450edef68
---
 pom.xml | 3 +++
 src/main/java/org/apache/sling/security/impl/ReferrerFilter.java | 6 ++++++
 2 files changed, 9 insertions(+)
diff --git a/pom.xml b/pom.xml
index 7098fd6..3dcda90 100644
--- a/pom.xml
+++ b/pom.xml
@@ -58,6 +58,9 @@
 <configuration>
 <instructions>
 <Bundle-Category>sling</Bundle-Category>
+ <Embed-Dependency>
+ org.apache.sling.commons.osgi;inline=org/apache/sling/commons/osgi/PropertiesUtil.*
+ </Embed-Dependency>
 <Private-Package>
 org.apache.sling.security.impl
 </Private-Package>
diff --git a/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java b/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
index ddb4ca1..0302ac7 100644
--- a/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
+++ b/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java
@@ -282,6 +282,12 @@ public class ReferrerFilter implements Filter {
 return false;
 }

+ // allow the request if the host name of the referrer is
+ // the same as the request's host name
+ if ( info.host.equals(request.getServerName()) ) {
+ return true;
+ }
+
 boolean valid = false;
 for(final URL ref : this.allowedReferrers) {
 if ( info.host.equals(ref.getHost()) && info.scheme.equals(ref.getProtocol()) ) {
--
To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
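Review bot: The `<Embed-Dependency>` entry in the pom.xml hunk copies `PropertiesUtil` into this bundle with no comment saying why or which release it comes from. The inlined copy is frozen at whatever version of org.apache.sling.commons.osgi the pom declares (not visible in this hunk), so later fixes to that class will not reach the security bundle until it is rebuilt. An XML comment above the element would record that, for example `<!-- PropertiesUtil is inlined for compatibility with older commons.osgi; re-check on every commons.osgi upgrade -->`.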
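Review bot: The new same-host shortcut in ReferrerFilter compares only the host name, while the allow-list loop directly below it also requires `info.scheme.equals(ref.getProtocol())`. A referrer on the same host over a different scheme is therefore accepted without being in the configured allow-list, and so, presumably, is one on a different port. `request.getServerName()` is normally derived from the client-supplied Host header, so the check is only as strong as the Host validation done by the container or a front-end proxy; that assumption deserves a comment here. Consider tightening the condition to `if ( info.host.equalsIgnoreCase(request.getServerName()) && info.scheme.equals(request.getScheme()) ) {`. The enclosing method starts and ends outside the hunk, so whether `info` also carries a port to compare is not visible from here.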
