1. Sling
  2. SLING-2120

Add functionality to ignore some parameters from POST requests


    • Type: Improvement Improvement
    • Status: Resolved
    • Priority: Major Major
    • Resolution: Fixed
    • Affects Version/s: Servlets Post 2.1.0
    • Fix Version/s: Servlets Post 2.1.2
    • Component/s: Servlets
    • Labels:


      In certain situations a POST request is accompanied with request parameters that are to be ignored. Currently the Sling POST Servlet has two mechanisms to handle such parameters:

      • any parameter starting with a colon ( is ignored, e.g. :operation
      • only parameters starting with "./" are considered if at least one parameter has this format

      In certain situations, more parameters might be submitted ending in the POST Servlet and then being written to the repository. For example if a user tries to authenticated with form based authentication supplying j_username and j_password parameters then if the Sling POST Servlet is erroneously hit, these values might get written to the repository.

      We should add functionality to specify regular expressions for parameters which are to be ignored (apart from the existing mechanism). The default would be "j_.*" to ignore any parameters starting with j_ generally used for authentication


        Gavin made changes -
        Workflow re-open possible,doc-test-required [ 12788363 ] no-reopen-closed,doc-test-required [ 12790783 ]
        Gavin made changes -
        Workflow no-reopen-closed,doc-test-required [ 12766312 ] re-open possible,doc-test-required [ 12788363 ]
        Gavin made changes -
        Workflow Copy of no-reopen-closed,doc-test-required [ 12764797 ] no-reopen-closed,doc-test-required [ 12766312 ]
        Gavin made changes -
        Workflow no-reopen-closed,doc-test-required [ 12618606 ] Copy of no-reopen-closed,doc-test-required [ 12764797 ]
        Felix Meschberger made changes -
        Field Original Value New Value
        Resolution Fixed [ 1 ]
        Status Open [ 1 ] Resolved [ 5 ]
        Felix Meschberger created issue -


          • Assignee:
            Felix Meschberger
            Felix Meschberger
          • Votes:
            0 Vote for this issue
            0 Start watching this issue


            • Created: