Details
-
Bug
-
Resolution: Fixed
-
Neutral
-
None
Description
With site settings
site1 mapped to page page1 and domain www.domain1.com
site2 mapped to page page2 and domain www.domain2.com
and CrossSiteSecurityFilter restricting access from one to another there is a way to access first level page from other domain by calling:
www.domain1.com/page1/page2
www.domain2.com/page2/page1
Checklists
Attachments
Issue Links
- clones
-
MGNLETK-112 Path handle is stripped twice thus access to another site is sometimes possible
-
- Closed
-
- depends upon
-
MAGNOLIA-5589 Statement StringUtils.removeStart(handle, "/") is not assigned to the variable
-
- Closed
-
- relates to
-
MAGNOLIA-6882 Remove legacy code that allows to access site with duplicate prefix in the url
-
- Closed
-
-
MULTISITE-12 Cross site access should not possible over default site
-
- Closed
-