Changeset 887 for trunk/grails-app


Ignore:
Timestamp:
Apr 16, 2011, 1:22:12 AM (14 years ago)
Author:
gav
Message:

Security fix for "Annotation based security is easy to bypass by adding ".html' to the URL", closes ticket #98.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/grails-app/conf/Config.groovy

    r722 r887  
    1010//    grails.config.locations << "file:" + System.properties["${appName}.config.location"]
    1111// }
    12 grails.mime.file.extensions = true // enables the parsing of file extensions from URLs into the request format
     12
     13// Set false due to acegi security issue.
     14// See: http://jira.grails.org/browse/GPACEGI-41
     15// See: http://www.gnumims.org/trac/ticket/98
     16grails.mime.file.extensions = false // enables the parsing of file extensions from URLs into the request format
     17
    1318grails.mime.types = [ html: ['text/html','application/xhtml+xml'],
    1419                      xml: ['text/xml', 'application/xml'],
Note: See TracChangeset for help on using the changeset viewer.