Uploaded image for project: 'Magnolia Multisite Module'
  1. Magnolia Multisite Module
  2. MULTISITE-44

Review default bypasses for CrossSiteSecurityFilter

    XMLWordPrintable

Details

    • Task
    • Resolution: Unresolved
    • Major
    • None
    • None
    • None
    • Yes

    Description

      Up until Magnolia 5.3, /.resources was used only for admincentral resources. Presumably, that's why CrossSiteSecurityFilter is configured by default with a bypass for this path.
      Starting with 5.4 and resources module 2.4, /.resources will be used to serve resources (through ResourcesServlet and new ResourcePath API). Maybe we need to change the default bypass to make this more visible to users upgrading ? And/or simply document this ?

      Checklists

        Acceptance criteria

        Attachments

          Issue Links

            Activity

              People

                Unassigned Unassigned
                gjoseph Magnolia International
                Votes:
                0 Vote for this issue
                Watchers:
                1 Start watching this issue

                Dates

                  Created:
                  Updated:

                  Checklists

                    Task DoR