[MULTISITE-44] Review default bypasses for CrossSiteSecurityFilter Created: 02/Jun/15  Updated: 21/Jun/19

Status: Open
Project: Magnolia Multisite Module
Component/s: None
Affects Version/s: None
Fix Version/s: None

Type: Task Priority: Major
Reporter: Magnolia International Assignee: Unassigned
Resolution: Unresolved Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified

Issue Links:
causality
caused by MGNLRES-144 Implement new origin-based ResourcesS... Closed
caused by MAGNOLIA-6128 Introduce uniform resource loading API Closed
Template:
Acceptance criteria:
Empty
Task DoR:
Empty
Release notes required:
Yes

 Description   

Up until Magnolia 5.3, /.resources was used only for admincentral resources. Presumably, that's why CrossSiteSecurityFilter is configured by default with a bypass for this path.
Starting with 5.4 and resources module 2.4, /.resources will be used to serve resources (through ResourcesServlet and new ResourcePath API). Maybe we need to change the default bypass to make this more visible to users upgrading ? And/or simply document this ?


Generated at Mon Feb 12 06:05:52 CET 2024 using Jira 9.4.2#940002-sha1:46d1a51de284217efdcb32434eab47a99af2938b.