[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17032539#comment-17032539
]
Julian Reschke commented on SLING-9043:
---
[~chaotic] - it should be made clear in the ticket
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17032288#comment-17032288
]
Lars Krapf commented on SLING-9043:
---
[~reschke], [~kwin]:
[~sonagupt] has updated the PR and added
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17031467#comment-17031467
]
Julian Reschke commented on SLING-9043:
---
Ok, there were two things here that alarmed me:
1.
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17031455#comment-17031455
]
Lars Krapf commented on SLING-9043:
---
[~kwin]: Yes, with proper CORS configuration this issue is
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17031442#comment-17031442
]
Konrad Windszus commented on SLING-9043:
As the referrer is very often disabled in browsers one
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17031428#comment-17031428
]
Lars Krapf commented on SLING-9043:
---
Hello [~reschke]
COPY (and yes, MOVE as well) are state-changing
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030374#comment-17030374
]
Julian Reschke commented on SLING-9043:
---
That is not an attack.
Please describe a scenario in
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17030359#comment-17030359
]
Sonal Gupta commented on SLING-9043:
[~reschke] The attack is that if the COPY request is coming from
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17029778#comment-17029778
]
Julian Reschke commented on SLING-9043:
---
At this point I don't understand what the actual attack
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17029777#comment-17029777
]
Sonal Gupta commented on SLING-9043:
Yes, it is sending. I tested without referrer for your comment:
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17029774#comment-17029774
]
Julian Reschke commented on SLING-9043:
---
So is the browser sending "Referer" for COPY or not?
>
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17029773#comment-17029773
]
Sonal Gupta commented on SLING-9043:
[~reschke] Yes, i am using the same command as used in browser.
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17029771#comment-17029771
]
Julian Reschke commented on SLING-9043:
---
I think testing with curl is misleading; you really need
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17029716#comment-17029716
]
Sonal Gupta commented on SLING-9043:
[~reschke] Yes, i have tested that if referrer is empty/not
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17027313#comment-17027313
]
Julian Reschke commented on SLING-9043:
---
So the assumption is that the XHR request will not include
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17027311#comment-17027311
]
Sonal Gupta commented on SLING-9043:
[~reschke] COPY command works perfectly fine with both
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17027305#comment-17027305
]
Julian Reschke commented on SLING-9043:
---
Well, if COPY is problematic, so is MOVE.
That said, I'd
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17027304#comment-17027304
]
Sonal Gupta commented on SLING-9043:
[~reschke] There was an issue opened for COPY function
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17027228#comment-17027228
]
Julian Reschke commented on SLING-9043:
---
Not convinced, that COPY is actually a problem. Also, if
[
https://issues.apache.org/jira/browse/SLING-9043?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17027223#comment-17027223
]
Sonal Gupta commented on SLING-9043:
20 matches
Mail list logo
