[jira] [Commented] (JCR-4002) CSRF in Jackrabbit-Webdav using empty content-type

2016-08-31 Thread Julian Reschke (JIRA)
[ https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15452125#comment-15452125 ] Julian Reschke commented on JCR-4002: - Backed out the changes in

[jira] [Commented] (JCR-4002) CSRF in Jackrabbit-Webdav using empty content-type

2016-08-30 Thread Julian Reschke (JIRA)
[ https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15449010#comment-15449010 ] Julian Reschke commented on JCR-4002: - FWIW, the whitespace in the media type properly causes a CORS

[jira] [Commented] (JCR-4002) CSRF in Jackrabbit-Webdav using empty content-type

2016-08-29 Thread Julian Reschke (JIRA)
[ https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15446053#comment-15446053 ] Julian Reschke commented on JCR-4002: - Checking: is the whitespace in the content type intentional?

[jira] [Commented] (JCR-4002) CSRF in Jackrabbit-Webdav using empty content-type

2016-08-29 Thread Julian Reschke (JIRA)
[ https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15445805#comment-15445805 ] Julian Reschke commented on JCR-4002: - As far as I can tell, JcrRemotingServlet would be vulnerable as

[jira] [Commented] (JCR-4002) CSRF in Jackrabbit-Webdav using empty content-type

2016-08-29 Thread Julian Reschke (JIRA)
[ https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15445474#comment-15445474 ] Julian Reschke commented on JCR-4002: - trunk: [r1756604|http://svn.apache.org/r1756604]

[jira] [Commented] (JCR-4002) CSRF in Jackrabbit-Webdav using empty content-type

2016-08-17 Thread Julian Reschke (JIRA)
[ https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15424812#comment-15424812 ] Julian Reschke commented on JCR-4002: - But that means that code extending from this now will have to the

[jira] [Commented] (JCR-4002) CSRF in Jackrabbit-Webdav using empty content-type

2016-08-17 Thread JIRA
[ https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15424706#comment-15424706 ] Dominique Jäggi commented on JCR-4002: -- the method wasn't removed as such, it just returns 405. it can

[jira] [Commented] (JCR-4002) CSRF in Jackrabbit-Webdav using empty content-type

2016-08-17 Thread Julian Reschke (JIRA)
[ https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15424703#comment-15424703 ] Julian Reschke commented on JCR-4002: - Wait - isn't POST support needed in other servlets that extend

[jira] [Commented] (JCR-4002) CSRF in Jackrabbit-Webdav using empty content-type

2016-08-16 Thread angela (JIRA)
[ https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15422374#comment-15422374 ] angela commented on JCR-4002: - looks good to me.