« Previous | Next » 

Revision c78ca09b

IDc78ca09b43614a84601f2f121c9f1c68bcb89350

Added by Bastian Waidelich about 10 years ago

[!!!][BUGFIX] Avoid Credentials to be stored in the request

When you authenticate using the PersistedUsernamePasswordProvider
username & password are copied to the GET Arguments of the following
request when used in SubRequests (plugins / widgets) because POST
arguments are merged in the RequestBuilder.

This change fixes this by prepending username & password with two
underscores, turning them into "internal request arguments" (see #25802)

Change-Id: Ifdee053fc1c1dc2338dddf7b759ce6b6bcd00a26
Resolves: #28257

  • added
  • modified
  • copied
  • renamed
  • deleted