This module is part of the Apache Sling project.
The Apache Sling Security module provides CSRF protection through a filter checking the referrer and a content disposition filter. This OSGi bundle can be used as a standalone bundle outside of Apache Sling. In that case only the referrer check functionality is available, as the content disposition filter depends on the Apache Sling Framework.
Configuring the Apache Sling Referrer Filter involves setting up an OSGi configuration to manage which referrers are allowed to access your application. Here are some of the options:
false
for security reasons.
The filter can be configured through an OSGi configuration for the PID org.apache.sling.security.impl.ReferrerFilter. This is a sample configuration in JSON format:
{
  "allow.empty": false,
  "allow.hosts": ["mysite.com", "localhost"],
  "allow.hosts.regexp": [],
  "filter.methods": ["POST", "PUT", "DELETE", "COPY", "MOVE"],
  "exclude.agents.regexp": [],
  "exclude.paths": []
}
In addition, the configuration can be amended by additional OSGi factory configurations for the factory PID org.apache.sling.security.impl.ReferrerFilterAmendmentImpl. This is a sample configuration in JSON format:
{
  "allow.hosts": ["mysite.com", "localhost"],
  "allow.hosts.regexp": [],
  "exclude.agents.regexp": [],
  "exclude.paths": []
}
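An added example, not code from the Apache Sling project: a small audit that reviews a ReferrerFilter configuration like the two samples above before it is deployed. The function name, the probe values and the weak sample are constructed for illustration. It assumes that allow.empty set to true accepts requests without a referrer and that regexp entries are matched against the whole value.

```python
import json
import re

# Methods the page's sample configuration lists under "filter.methods".
EXPECTED_METHODS = {"POST", "PUT", "DELETE", "COPY", "MOVE"}
# Constructed probe values that a tight pattern should never match.
PROBES = {
    "allow.hosts.regexp": ("attacker.invalid", "https://attacker.invalid"),
    "exclude.agents.regexp": ("Mozilla/5.0 (constructed browser UA)",),
}


def audit_referrer_config(cfg):
    """Return (key, finding) tuples for one ReferrerFilter configuration dict."""
    findings = []
    if cfg.get("allow.empty", False):
        findings.append(("allow.empty", "requests without a referrer are accepted"))
    if "filter.methods" in cfg:  # amendment configurations carry no method list
        missing = EXPECTED_METHODS - {m.upper() for m in cfg["filter.methods"]}
        if missing:
            findings.append(("filter.methods", "unchecked: " + ", ".join(sorted(missing))))
    for key, probes in PROBES.items():
        for pattern in cfg.get(key, []):
            try:
                # Assumption: whole-string match; Python's re stands in for Java's regex.
                rx = re.compile(pattern)
            except re.error as exc:
                findings.append((key, f"{pattern!r} does not compile ({exc})"))
                continue
            if any(rx.fullmatch(p) for p in probes):
                findings.append((key, f"{pattern!r} matches unrelated value"))
    return findings


# The page's sample configuration, followed by a constructed weak one.
PAGE_SAMPLE = json.loads("""{ "allow.empty": false, "allow.hosts": ["mysite.com", "localhost"],
  "allow.hosts.regexp": [], "filter.methods": ["POST", "PUT", "DELETE", "COPY", "MOVE"],
  "exclude.agents.regexp": [], "exclude.paths": [] }""")
WEAK_SAMPLE = json.loads("""{ "allow.empty": true, "allow.hosts.regexp": [".*"],
  "filter.methods": ["POST"], "exclude.agents.regexp": [".*Mozilla.*"] }""")

if __name__ == "__main__":
    for name, cfg in (("page sample", PAGE_SAMPLE), ("weak sample", WEAK_SAMPLE)):
        print(name, audit_referrer_config(cfg) or "no findings")
```

The page's sample produces no findings. The constructed weak sample is flagged on all four keys it sets.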