[SLING-9812] AccessManager Post servlets should not allow redirects to other hosts - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Improvement
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: JCR Jackrabbit Access Manager 3.0.8
Component/s: None
Labels:
None

Description

Through the :redirect parameter of the AbstractAccessPostServlet arbitrary redirects are possible. That should be limited so that redirects to other servers are not possible.

Expected: Apply the same solution that was applied to SlingPostServlet for ~~SLING-4469~~

Attachments

Activity

People

Assignee:: Eric Norman

Reporter:: Eric Norman

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 11/Oct/20 20:41

Updated:: 19/Oct/20 17:54

Resolved:: 11/Oct/20 21:40