[MGNLRES-377] Add CSRF filter bypass configuration for resources Created: 21/Oct/21 Updated: 20/Jul/22 Resolved: 25/Oct/21 |
|
| Status: | Closed |
| Project: | Magnolia Resources Module |
| Component/s: | None |
| Affects Version/s: | None |
| Fix Version/s: | 3.0.6 |
| Type: | Improvement | Priority: | Neutral |
| Reporter: | Jonathan Ayala | Assignee: | Jakub Petras |
| Resolution: | Fixed | Votes: | 0 |
| Labels: | csrf | ||
| Remaining Estimate: | Not Specified | ||
| Time Spent: | Not Specified | ||
| Original Estimate: | Not Specified | ||
| Issue Links: |
|
||||||||||||
| Template: |
|
||||||||||||
| Acceptance criteria: |
Empty
|
||||||||||||
| Task DoD: |
[X]*
Doc/release notes changes? Comment present?
[X]*
Downstream builds green?
[X]*
Solution information and context easily available?
[X]*
Tests
[X]*
FixVersion filled and not yet released
[ ] 
Architecture Decision Record (ADR)
|
||||||||||||
| Epic Link: | Nucleus Quality Maintenance | ||||||||||||
| Team: | |||||||||||||
| Description |
|
Requests for dam/imaging/resources servlets could be bypassed by default since they don't process data. This would help reducing the amount of headers in case there are requests that retrieve a large amount of resources, which may exceed the header count limit. Therefore, adding the bypass configuration for those URLs by default would be desirable. |