[ https://issues.apache.org/jira/browse/KNOX-2655?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17437627#comment-17437627 ]
ASF subversion and git services commented on KNOX-2655:
-------------------------------------------------------
Commit 05128cdb44026c1da2a464c4ddb751cf3491cd3c in knox's branch
refs/heads/v1.6.0 from Larry McCay
[ https://gitbox.apache.org/repos/asf?p=knox.git;h=05128cd ]
V1.6.0 (#515)
* KNOX-2655 - Disallow Userinfo in KnoxSSO originalURL Query Param
> Disallow Userinfo in KnoxSSO originalURL Query Param
> ----------------------------------------------------
>
> Key: KNOX-2655
> URL: https://issues.apache.org/jira/browse/KNOX-2655
> Project: Apache Knox
> Issue Type: Improvement
> Components: KnoxSSO
> Reporter: Larry McCay
> Assignee: Larry McCay
> Priority: Major
> Fix For: 1.6.0
>
> Time Spent: 2h 50m
> Remaining Estimate: 0h
>
> There is no valid reason that I can think of to allow userinfo in a URL for
> an application/UI that is participating in KnoxSSO. The userinfo is used to
> log in to hosts/pages that are protected by HTTP Basic. This is contradictory
> to the use of KnoxSSO to begin with and complicates the regex pattern
> required to indicate those URLs that are allowed for redirect and/or dispatch.
--
This message was sent by Atlassian Jira
(v8.3.4#803005)
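
The check described in the issue, as an added example that is not Knox's own code: the originalUrl value is parsed first and rejected if it carries userinfo, so the redirect whitelist pattern never has to account for it. The class name, the `WHITELIST` pattern and the hostnames are assumptions made for this illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.regex.Pattern;

public class OriginalUrlCheck {
    // Hypothetical redirect whitelist for this example; not Knox's default pattern.
    static final Pattern WHITELIST =
        Pattern.compile("^https://[^/]*\\.example\\.com(:\\d+)?(/.*)?$");

    /** Returns true only if originalUrl has no userinfo and matches WHITELIST. */
    static boolean isAllowed(String originalUrl) {
        final URI uri;
        try {
            uri = new URI(originalUrl);
        } catch (URISyntaxException e) {
            return false; // unparseable input is never a valid redirect target
        }
        // Require an absolute URL whose authority parsed as [userinfo@]host[:port].
        if (!uri.isAbsolute() || uri.getHost() == null) {
            return false;
        }
        // Reject userinfo outright, before the pattern is consulted.
        if (uri.getRawUserInfo() != null) {
            return false;
        }
        return WHITELIST.matcher(originalUrl).matches();
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the issue.
        String[] samples = {
            "https://ui.example.com/app",
            "https://ui.example.com:8443/app?x=1",
            // WHITELIST alone matches this string, because [^/]* also spans
            // "user:secret@"; the userinfo check is what rejects it.
            "https://user:secret@ui.example.com/app",
            "not a url"
        };
        for (String s : samples) {
            System.out.printf("%-42s allowed=%b%n", s, isAllowed(s));
        }
    }
}
```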