[CMS-10733] ResourceServlet should authenticate - Issues

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Normal
Resolution: Fixed
Affects Version/s: None
Fix Version/s: utilities-4.0.0
Component/s: None
Labels:
None

Story Points:
5
Epic Link:
Tiger Team Maintenance
Processed by team:
Tiger
Sprint:
Tiger Sprint 157, Tiger Sprint 158

Description

The ResourceServlet (hippo-cms-utilities) currently doesn't perform authentication. The CMS uses several instances of the ResourceServlet to serve resources from JAR files. By default those include:

Angular resources below /angular
CKEditor resources below /ckeditor
CMS styling below /skin

Logged-out users should not be able to retrieve these resources through the ResourceServlet.

Attachments

Issue Links

causes

FEBUILD-101 Firefox can't retrieve source map as the map is a protected resource and Firefox doesn't authenticate

Closed

ARCHE-532 Update default web.xml

Closed

relates to

CMS-13210 Channel toolbar is not displayed if you go first to an SPA channel

Closed

CMS-13419 Improve SameSite cookies to be compatible with new versions of Chrome

Closed

Activity

People

Assignee:: Unassigned

Reporter:: Tobias Jeger

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 11/May/17 1:21 PM

Updated:: 29/May/20 12:47 PM

Resolved:: 12/Jun/17 4:40 PM