This is an automated email from the ASF dual-hosted git repository. rombert pushed a commit to annotated tag org.apache.sling.security-1.0.0 in repository https://gitbox.apache.org/repos/asf/sling-org-apache-sling-security.git
commit ea48c8c162a689c28ec3e6b8688ff31a95735f4f Author: Carsten Ziegeler <[email protected]> AuthorDate: Wed Aug 3 16:47:37 2011 +0000 Update default list git-svn-id: https://svn.apache.org/repos/asf/sling/trunk/contrib/extensions/security@1153576 13f79535-47bb-0310-9956-ffa450edef68 --- src/main/java/org/apache/sling/security/impl/ReferrerFilter.java | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java b/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java index f8ad2ce..704b915 100644 --- a/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java +++ b/src/main/java/org/apache/sling/security/impl/ReferrerFilter.java @@ -125,6 +125,7 @@ public class ReferrerFilter implements Filter { referrers.add("https://localhost"; + ":0"); referrers.add("https://127.0.0.1"; + ":0"); referrers.add("https://[::1]"; + ":0"); + referrers.add("https://[::1]"; + ":0"); return referrers; } @@ -267,6 +268,10 @@ public class ReferrerFilter implements Filter { if ( referrer.indexOf(":/") == - 1 ) { return true; } + // check for air referrer - which is always allowed + if ( referrer.startsWith("app:/") ) { + return true; + } final HostInfo info = getHost(referrer); if ( info == null ) { -- To stop receiving notification emails like this one, please contact "[email protected]" <[email protected]>.
