- Type: Feature
- Status: Done
- Priority: Medium
- Resolution: Done
- Affects Version/s: None
- Fix Version/s: 1.25.0
- Component/s: None
- Labels: None

This is needed to avoid scenarios where a user can get access to a cached resource that he should not be able to see.
The idea is that the application can add custom x-appng-required-role headers to any cacheable resource that it delivers.
If these headers (which are not delivered to the client) are present, the PageCacheFilter needs to compare them with a session-based list of the user's roles and reject access if required.
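
A minimal model of the check described above, added here as an illustration and not taken from appNG's PageCacheFilter. It assumes one header value per role and that any one matching role is sufficient; the class name, method names and role names are hypothetical.

```java
import java.util.*;

// Added sketch, not appNG code: models a cached response and the role check before serving it.
public class RequiredRoleCheck {
    static final String REQUIRED_ROLE = "x-appng-required-role";

    // Assumption: one header value per role, and any single matching role grants access.
    static boolean mayServe(Map<String, List<String>> cachedHeaders, Set<String> sessionRoles) {
        List<String> required = new ArrayList<>();
        for (Map.Entry<String, List<String>> h : cachedHeaders.entrySet()) {
            if (REQUIRED_ROLE.equalsIgnoreCase(h.getKey())) { // header names are case-insensitive
                required.addAll(h.getValue());
            }
        }
        if (required.isEmpty()) {
            return true; // resource declared no role requirement
        }
        // Fail closed: no session roles (anonymous or expired session) means no access.
        return sessionRoles != null && required.stream().anyMatch(sessionRoles::contains);
    }

    // Headers sent to the client: everything except the internal role markers.
    static Map<String, List<String>> clientHeaders(Map<String, List<String>> cachedHeaders) {
        Map<String, List<String>> out = new LinkedHashMap<>();
        cachedHeaders.forEach((k, v) -> {
            if (!REQUIRED_ROLE.equalsIgnoreCase(k)) out.put(k, v);
        });
        return out;
    }

    public static void main(String[] args) {
        // Constructed sample: a cached report restricted to two hypothetical roles.
        Map<String, List<String>> cached = new LinkedHashMap<>();
        cached.put("Content-Type", List.of("application/pdf"));
        cached.put("X-AppNG-Required-Role", List.of("Reports.Admin", "Reports.Auditor"));

        System.out.println(mayServe(cached, Set.of("Reports.Auditor"))); // matching role
        System.out.println(mayServe(cached, Set.of("Shop.Customer")));   // wrong role
        System.out.println(mayServe(cached, null));                      // no session
        System.out.println(clientHeaders(cached).keySet());              // role header removed
    }
}
```

The role check has to run on every cache hit, before the cached body is written, because the cache key alone does not distinguish users with different roles.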