Maybe it should only be checking the referrer when the request is a POST. The intent of that referer checking was to make sure you returned to the same login page when there was an error with the credentials that were posted from the login form.
Regards, Eric On Tue, Jan 10, 2012 at 12:23 PM, Justin Edelson <[email protected]>wrote: > I noticed yesterday that the login link on the index.html page (to > http://localhost:8888/system/sling/login.html) in the initial content > no longer works - it returns a 403 error. > > This appears to be because the LoginServlet tries to delegate serving > the login page to the various authentication handlers, but they all > refuse to handle it because the referrer isn't their own login page. > This appears to be a regression added by SLING-2165. > > Is the LoginServlet still usable? If so, how? > > Thanks > Justin >
