[ https://issues.apache.org/jira/browse/KNOX-2655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17437411#comment-17437411 ]
ASF subversion and git services commented on KNOX-2655:
-------------------------------------------------------
Commit 188df42622ab6aa6b4ad7a42a5a77d6fd14594f3 in knox's branch
refs/heads/master from Larry McCay
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=188df42 ]
KNOX-2655 - Disallow Userinfo in KnoxSSO originalURL Query Param (#514)
* KNOX-2655 - Disallow Userinfo in KnoxSSO originalURL Query Param
> Disallow Userinfo in KnoxSSO originalURL Query Param
> ----------------------------------------------------
>
> Key: KNOX-2655
> URL: https://issues.apache.org/jira/browse/KNOX-2655
> Project: Apache Knox
> Issue Type: Improvement
> Components: KnoxSSO
> Reporter: Larry McCay
> Priority: Major
> Fix For: 2.0.0
>
> Time Spent: 1h
> Remaining Estimate: 0h
>
> There is no valid reason that I can think of to allow userinfo in a URL for
> an application/UI that is participating in KnoxSSO. The userinfo is used to
> login to hosts/pages that are protected by HTTP Basic. This is contradictory
> to the use of KnoxSSO to begin with and complicates the regex pattern
> required to indicate those URLs that are allowed for redirect and/or dispatch.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
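
The check the issue describes, as an added example that is not code from the Knox commit: parse the originalUrl, refuse any userinfo, and only then apply the redirect allow-list pattern. The class name, the pattern and the sample URLs are constructed for illustration and are not Knox's configured whitelist.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Pattern;

public class OriginalUrlCheck {
    // Constructed allow-list pattern for this example; not Knox's configured whitelist.
    static final Pattern ALLOWED =
        Pattern.compile("^https://[^/]+\\.example\\.com(:[0-9]+)?(/.*)?$");

    /** Regex-only check: [^/]+ also accepts "user:secret@" in front of the host. */
    static boolean regexOnly(String originalUrl) {
        return ALLOWED.matcher(originalUrl).matches();
    }

    /** Parse first, refuse any userinfo, then apply the allow-list pattern. */
    static boolean allowed(String originalUrl) {
        final URI uri;
        try {
            uri = new URI(originalUrl);
        } catch (URISyntaxException e) {
            return false; // unparseable input is never a redirect target
        }
        String authority = uri.getRawAuthority();
        // getRawUserInfo() is null when java.net.URI falls back to a registry-based
        // authority, so also refuse a missing host and any '@' left in the authority.
        if (uri.getRawUserInfo() != null || uri.getHost() == null
                || authority == null || authority.indexOf('@') >= 0) {
            return false;
        }
        return regexOnly(originalUrl);
    }

    public static void main(String[] args) {
        String[] samples = { // constructed inputs
            "https://app.example.com/ui",
            "https://user:secret@app.example.com/ui",
            "https://app.example.com@other.invalid/ui",
            "https://other.invalid/ui"
        };
        for (String s : samples) {
            System.out.printf("%-45s regexOnly=%-5b allowed=%b%n", s, regexOnly(s), allowed(s));
        }
    }
}
```

With userinfo refused before matching, the allow-list pattern only has to describe scheme, host, port and path.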