This repository was archived by the owner on Apr 12, 2024. It is now read-only.
Once #12219 is implemented, we will be able to bypass SCE validation for requests that are already in the template cache.
This is desirable because it allows developers to disable the whitelist, and especially to remove the 'self' rule that allows requests to the same domain origin to make it through. Same-origin requests are currently allowed by default, which is problematic for applications that contain redirection services (e.g. for tracking clicks to 3rd party sites).
Doing it this way would allow us to be backwards compatible for applications that populate the template cache as part of the build, while allowing us to ban the whitelist in these applications.
We need to backport this change to the 1.3.x branch as well.
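
The trade-off described in the issue above, as an added example that is not part of the original issue and is not AngularJS code: a simplified model of the template-loading decision, comparing the default 'self' whitelist with an empty whitelist, with and without the cache bypass. The function names, the origin and the two URLs are assumptions constructed for illustration.

```javascript
// Simplified model of the template-loading decision discussed above.
// NOT AngularJS source: every name here is hypothetical.
const APP_ORIGIN = 'https://app.example'; // constructed sample origin

// Models the 'self' rule: it matches any URL on the application's origin.
function matchesWhitelist(url, whitelist) {
  const origin = new URL(url, APP_ORIGIN).origin;
  return whitelist.some((rule) =>
    rule === 'self' ? origin === APP_ORIGIN : rule === origin);
}

function makeTemplateLoader({ whitelist, cache, skipCheckForCached }) {
  return function load(url) {
    const cached = cache.has(url);
    // Proposed behaviour: templates the application put in the cache
    // (e.g. at build time) are served without URL validation.
    if (cached && skipCheckForCached) return 'cache';
    if (!matchesWhitelist(url, whitelist)) return 'blocked';
    return cached ? 'cache' : 'network';
  };
}

// Constructed inputs: one build-time template and one same-origin
// redirection-service URL that would hand off to a third-party site.
const CACHED = 'views/home.html';
const REDIRECT = '/redirect?to=https%3A%2F%2Fthird-party.example%2Ft.html';

function compareConfigs() {
  const cache = new Map([[CACHED, '<h1>Home</h1>']]);
  const configs = {
    defaultSelf: { whitelist: ['self'], cache, skipCheckForCached: false },
    emptyNoBypass: { whitelist: [], cache, skipCheckForCached: false },
    emptyWithBypass: { whitelist: [], cache, skipCheckForCached: true },
  };
  const out = {};
  for (const [name, cfg] of Object.entries(configs)) {
    const load = makeTemplateLoader(cfg);
    out[name] = { cached: load(CACHED), redirect: load(REDIRECT) };
  }
  return out;
}

console.log(compareConfigs());
```

Only the last configuration both serves the build-time template and rejects the redirection-service URL; emptying the whitelist without the bypass also blocks the cached template, which is the backwards-compatibility problem the issue raises.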