Uploaded image for project: 'Shiro'
  1. Shiro
  2. SHIRO-741

Matching of / (root) is broken

VotersWatch issueWatchersLinkUpdate Comment AuthorReplace String in CommentUpdate Comment VisibilityDelete Comments
    XMLWordPrintableJSON

Details

    • Bug
    • Status: Closed
    • Major
    • Resolution: Fixed
    • 1.5.0
    • 1.5.1
    • Web
    • None

    Description

      Since SHIRO-682 it is no longer possible match the root of your application with /** . A request at / is transformed into an empty URI and no longer matches /**. This makes it impossible to secure your entire application and provide a whitelist for allowed urls, like this:

      [urls]
/rest/v1/openapi.* = noSessionCreation,anon
/rest/v1/info = noSessionCreation,anon

/** = noSessionCreation,oauth2,oauth,secured

      So far, I've found no way to match the root in 1.5.

      Attachments

        Issue Links

        is fixed by

        Bug - A problem which impairs or prevents the functions of the product. SHIRO-742 fix throw exception when request uri is /

        • Major - Major loss of function.
        • Resolved

        Activity
          This comment will be Viewable by All Users Viewable by All Users
          Cancel

          People

            Unassigned Unassigned
            papegaaij Emond Papegaaij
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved:

              Slack

                Issue deployment