Redirect after logging out is not validating the redirect link thus allowing to
redirect outside of the scope of Sling
----------------------------------------------------------------------------------------------------------------------
Key: SLING-2287
URL: https://issues.apache.org/jira/browse/SLING-2287
Project: Sling
Issue Type: Bug
Components: Authentication
Affects Versions: Auth Core 1.0.6
Reporter: Felix Meschberger
Assignee: Felix Meschberger

After logging out the Sling Authenticator can be instructed to redirect to
somewhere else. This link is not currently checked for validity.
Thus it is possible to redirect to another site after logging out.
The idea, though, is to redirect to another location inside the same site after
logging out.
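
The check this issue asks for, as an added example that is not code from this issue or from the Sling project: a post-logout redirect target is accepted only when it is a path inside the same site. The class name, the method name and the sample targets are hypothetical and constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.LinkedHashMap;
import java.util.Map;

public class LogoutRedirectCheck {
    /** Hypothetical helper: true only for a path inside the current site. */
    static boolean isSameSiteTarget(String target) {
        if (target == null || target.isEmpty()) {
            return false;
        }
        // Must be an absolute path; browsers read "//host" and "/\host" as another host.
        if (target.charAt(0) != '/' || target.startsWith("//") || target.indexOf('\\') >= 0) {
            return false;
        }
        // Control characters (CR, LF, TAB, ...) have no place in a Location header value.
        if (target.chars().anyMatch(Character::isISOControl)) {
            return false;
        }
        try {
            URI uri = new URI(target);
            // Anything that parses with a scheme or an authority points off-site.
            if (uri.isAbsolute() || uri.getRawAuthority() != null) {
                return false;
            }
            // After resolving "." and ".." the path must still sit under the root.
            String path = uri.normalize().getRawPath();
            return path != null && path.startsWith("/") && !path.startsWith("/..");
        } catch (URISyntaxException e) {
            return false; // unparsable targets are rejected, not repaired
        }
    }

    public static void main(String[] args) {
        // Constructed sample targets with the expected verdict for each.
        Map<String, Boolean> samples = new LinkedHashMap<>();
        samples.put("/content/home.html", true);
        samples.put("https://other.example/landing", false);
        samples.put("//other.example/landing", false);
        samples.put("/\\other.example/landing", false);
        samples.put("content/home.html", false);
        samples.put("/content/../../outside", false);
        samples.put("/content\r\nX-Injected: 1", false);
        for (Map.Entry<String, Boolean> s : samples.entrySet()) {
            boolean ok = isSameSiteTarget(s.getKey());
            if (ok != s.getValue()) throw new AssertionError(s.getKey());
            System.out.println((ok ? "allow  " : "reject ") + s.getKey().replaceAll("\\s", " "));
        }
    }
}
```

A caller that gets `false` would fall back to a fixed in-site location rather than try to repair the supplied value.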