[jboss-jira] [JBoss JIRA] (AS7-4623) LogoutHandler.java misspells the referer header
Jason Greene (JIRA)
jira-events at lists.jboss.org
Thu Apr 26 15:01:19 EDT 2012
[ https://issues.jboss.org/browse/AS7-4623?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=12688130#comment-12688130 ]
Jason Greene commented on AS7-4623:
-----------------------------------
What darren is referring to is that form auth requires sending passwords in the clear, so without SSL by default (which we dont do out of the box since that requires certs be configured), then our out of the box mechanism would be sending passwords in the clear the second they change the management bind address to a public interface.
> LogoutHandler.java misspells the referer header
> -----------------------------------------------
>
> Key: AS7-4623
> URL: https://issues.jboss.org/browse/AS7-4623
> Project: Application Server 7
> Issue Type: Bug
> Components: Domain Management
> Reporter: Jess Sightler
> Assignee: Jason Greene
>
> Original code is:
> String referrer = responseHeaders.getFirst("Referrer");
> But the HTTP Referer header is actually spelled "Referer". Pull request with fix is here:
> https://github.com/jbossas/jboss-as/pull/2139
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators: https://issues.jboss.org/secure/ContactAdministrators!default.jspa
For more information on JIRA, see: http://www.atlassian.com/software/jira
More information about the jboss-jira
mailing list