[
https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15452125#comment-15452125
]
Julian Reschke commented on JCR-4002:
-
Backed out the changes in
[
https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15449010#comment-15449010
]
Julian Reschke commented on JCR-4002:
-
FWIW, the whitespace in the media type properly causes a CORS
[
https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15446053#comment-15446053
]
Julian Reschke commented on JCR-4002:
-
Checking: is the whitespace in the content type intentional?
>
[
https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15445805#comment-15445805
]
Julian Reschke commented on JCR-4002:
-
As far as I can tell, JcrRemotingServlet would be vulnerable as
[
https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15445474#comment-15445474
]
Julian Reschke commented on JCR-4002:
-
trunk: [r1756604|http://svn.apache.org/r1756604]
[
https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15424812#comment-15424812
]
Julian Reschke commented on JCR-4002:
-
But that means that code extending from this now will have to the
[
https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15424706#comment-15424706
]
Dominique Jäggi commented on JCR-4002:
--
the method wasn't removed as such, it just returns 405. it can
[
https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15424703#comment-15424703
]
Julian Reschke commented on JCR-4002:
-
Wait - isn't POST support needed in other servlets that extend
[
https://issues.apache.org/jira/browse/JCR-4002?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=15422374#comment-15422374
]
angela commented on JCR-4002:
-
looks good to me.
> CSRF in Jackrabbit-Webdav using empty content-type
>