+1 Konrad
> On 15. Feb 2021, at 10:46, Radu Cotescu <r...@apache.org> wrote: > > Hi, > > I have to work on an update for the XSS Bundle and noticed that the adapter > factory is still around. Is it ok if I revert the change from [2] as well? > > Thanks, > Radu > > [2] - https://issues.apache.org/jira/browse/SLING-9874 > >> On 9 Nov 2020, at 17:02, Bertrand Delacretaz <bdelacre...@apache.org> wrote: >> >> Hi, >> >> On Mon, Nov 9, 2020 at 1:31 PM Julian Sedding <jsedd...@gmail.com> wrote: >>> ...In SLING-9874 I added an adapter factory to the XSS Protection API >>> module, which can adapt a SlingHttpServletRequest or a >>> ResourceResolver to an XSSAPI... >> >> Although we've been doing such things in the past I don't think it's a >> good idea, as it's adapting a Request to <something different which is >> not a request>. >> >> IOW I think adaptation should, in general, only be used to convert >> between "different views of the same thing" which is not the case >> here. Converting a Sling Resource to a JCR Node for example is clearly >> "different views of the same thing", so ok from that perspective. >> >> I have the impression that there's an implicit consensus among several >> of us about this but we might want to document it better. Sorry that >> this lack of clarity is causing extra work for you. >> >>> ...Now, according to comments in SLING-9874 it seems that Konrad and Radu >>> are opposed to this adapter factory... >> >> Given the above comments I also prefer that you omit that adapter >> factory. I suppose the XSSAPI is an OSGi service, if that's the case >> there are other, better, less "magic" ways to acquire it. >> >> -Bertrand >
