If you're using the Sling security bundle, the referrer is checked for POST requests, which should give you enough protection.

Carsten

2014-03-04 17:43 GMT+01:00 Jason Bailey <[email protected]>:

> We're reviewing our recent security scans and we had a red flag on the
> usage of ":redirect" in our forms. It's being flagged as a potential attack
> vector as you can set this to any URL.
> So knowing that these reports are indicators of potential problems and not
> always valid. I wanted to get some clarity from the Sling user base to
> whether they have seen this before, is there a setting that I am missing?
> Or do I need to do some additional to prevent this from being an issue? Etc.
>
> Thanks
>
> -Jason Bailey
>

--
Carsten Ziegeler
[email protected]
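
The two checks this thread touches on, as an added example that is not part of the original messages and is not Sling's implementation: a referrer check on a form POST, and a restriction of the ":redirect" value to local paths. The class and method names, the host name, the sample requests and the choice to reject a missing Referer header are assumptions of this example.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.List;
import java.util.Set;

// Added illustration, not Sling code: accept or reject a form POST and its ":redirect" value.
public class RedirectGuard {
    // Hypothetical allowlist of hosts this site is served from.
    static final Set<String> ALLOWED_HOSTS = Set.of("www.example.com");

    // Referrer check: the Referer header must be an absolute http(s) URL on an allowed host.
    static boolean refererAllowed(String referer) {
        if (referer == null || referer.isEmpty()) return false; // policy choice of this example
        try {
            URI u = new URI(referer);
            String scheme = u.getScheme(), host = u.getHost();
            return scheme != null && host != null
                && (scheme.equalsIgnoreCase("http") || scheme.equalsIgnoreCase("https"))
                && ALLOWED_HOSTS.contains(host.toLowerCase());
        } catch (URISyntaxException e) { return false; }
    }

    // Redirect check: accept only a local absolute path, never a scheme, host or "//" prefix.
    static boolean redirectAllowed(String target) {
        if (target == null || !target.startsWith("/")) return false;
        if (target.startsWith("//") || target.contains("\\")) return false; // scheme-relative forms
        for (char c : target.toCharArray()) {
            if (c < 0x20 || c == 0x7f) return false; // control characters in a Location value
        }
        try {
            URI u = new URI(target);
            return u.getScheme() == null && u.getRawAuthority() == null;
        } catch (URISyntaxException e) { return false; }
    }

    public static void main(String[] args) {
        // Constructed sample requests: { Referer header, ":redirect" value }.
        List<String[]> samples = List.of(
            new String[] {"https://www.example.com/content/form.html", "/content/thanks.html"},
            new String[] {"https://www.example.com/content/form.html", "https://other.example.net/"},
            new String[] {"https://www.example.com/content/form.html", "//other.example.net/"},
            new String[] {"https://other.example.net/page.html", "/content/thanks.html"},
            new String[] {null, "/content/thanks.html"});
        for (String[] s : samples)
            System.out.println((refererAllowed(s[0]) && redirectAllowed(s[1]) ? "accept " : "reject ")
                + s[0] + " -> " + s[1]);
    }
}
```

Only the first sample is accepted; the others fail either the redirect check or the referrer check.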
