[jira] [Resolved] (SLING-7938) Add an option to prefer sending the reason_code as a request parameter over the reason text when redirecting to the login page

Eric Norman (JIRA) Tue, 18 Sep 2018 18:08:27 -0700


     [ 
https://issues.apache.org/jira/browse/SLING-7938?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
 ]


Eric Norman resolved SLING-7938.
--------------------------------
    Resolution: Fixed

Fixed at: 
https://github.com/apache/sling-org-apache-sling-auth-form/commit/c713d1e21150c17f69d0010e6e22f5fb510dcafb

> Add an option to prefer sending the reason_code as a request parameter over 
> the reason text when redirecting to the login page
> ------------------------------------------------------------------------------------------------------------------------------
>
>                 Key: SLING-7938
>                 URL: https://issues.apache.org/jira/browse/SLING-7938
>             Project: Sling
>          Issue Type: Improvement
>    Affects Versions: Form Based Authentication 1.0.10
>            Reporter: Eric Norman
>            Assignee: Eric Norman
>            Priority: Major
>             Fix For: Form Based Authentication 1.0.12
>
>
> Add a config option to the form authentication handler to prefer sending the 
> reason_code as a request parameter instead of the reason text when 
> redirecting to the login page.
> Sending the reason code as a request parameter should be safer, especially if 
> your custom login page was echoing the reason text to the screen.  The custom 
> login page script can then calculate the reason text to show in the UI by 
> matching the reason codes against the well-known failure reason codes and 
> fallback to some default reason text for anything invalid.
>  
>  



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

[jira] [Resolved] (SLING-7938) Add an option to prefer sending the reason_code as a request parameter over the reason text when redirecting to the login page

Reply via email to