Larry McCay created KNOX-2655:
---------------------------------
Summary: Disallow Userinfo in KnoxSSO originalURL Query Param
Key: KNOX-2655
URL: https://issues.apache.org/jira/browse/KNOX-2655
Project: Apache Knox
Issue Type: Improvement
Components: KnoxSSO
Reporter: Larry McCay
Fix For: 1.6.0
There is no valid reason that I can think of to allow userinfo in a URL for an
application/UI that is participating in KnoxSSO. The userinfo is used to login
to hosts/pages that are protected by HTTP Basic. This is contradictory to the
use of KnoxSSO to begin with and complicates the regex pattern required to
indicate those URLs that are allowed for redirect and/or dispatch.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
