-
Enhancement
-
Resolution: Done
-
Minor
-
None
-
SaaS
The word enabled in the description of the referrer parameter in the authorize/authrep call needs to be explained better. There can be multiple applications using a service and a Referrer filter may be configured on some of the applications but not for others. If the "Require referrer filtering" is enabled for a service but no "Referrer filter" is configured for an application, it is unclear if the referrer check is bypassed or not . The following is the observed behavior.
Referrer filtering is considered enabled for an application only if checkbox "Require referrer filtering" on APIs > Service > Settings page is selected and a Referrer filter is configured for the application. If special value '*' (wildcard) is passed or if there is no "Referrer Filter" configured for the application, the referrer check is bypassed.
- links to