Details
-
Bug
-
Resolution: Fixed
-
Critical
-
1.4.6, 2.0.15
-
None
-
-
Empty show more show less
-
Yes
Description
With site settings
site1 mapped to page page1 and domain www.domain1.com
site2 mapped to page page2 and domain www.domain2.com
and CrossSiteSecurityFilter restricting access from one to another there is a way to access first level page from other domain by calling:
www.domain1.com/page1/page2
www.domain2.com/page2/page1
Checklists
Attachments
Issue Links
- depends upon
-
MAGNOLIA-5589 Statement StringUtils.removeStart(handle, "/") is not assigned to the variable
-
- Closed
-
- is cloned by
-
MGNLETK-120 CLONE - Path handle is stripped twice thus access to another site is sometimes possible
-
- Closed
-
-
MULTISITE-11 Path handle is stripped twice thus access to another site is sometimes possible
-
- Closed
-
- relates to
-
MGNLETK-108 Cross site access should not possible over default site
-
- Closed
-