Adobe-Consulting-Services / acs-aem-commons

http://adobe-consulting-services.github.io/acs-aem-commons/
Apache License 2.0

Versioned clientlibs - Caching to infinity - Diskspace to infinity? :) #724

Closed henrykuijpers closed 7 years ago

henrykuijpers commented 8 years ago

When specifying any selector for the versioned clientlibs, the Dispatcher will create a cached copy.

We could configure the Dispatcher so that it doesn't make a cached copy on the server, but then the requests always go to the AEM server -- Not preferable.

But if we don't, we can keep on creating cached copies of the files all the time (since it's an md5 hash, you have 16^32 possible filenames that you could cache). And there are even more possibilities, since the documentation (https://adobe-consulting-services.github.io/acs-aem-commons/features/versioned-clientlibs.html) mentions this regex part for the selector: `[a-f0-9]+`, which does not impose any limit on the length of the selector.

Depending on the size of the clientlib that is referenced, which (for bigger projects) can grow quite rapidly, you could perform a DoS attack.

davidjgonzalez commented 8 years ago

Chatted w @bstopp offline... we thought adding this support as an extension of:

Would be a good idea. TBD if it's just an if clause, or if we want to architect a set of pluggable sub-feature-filters.

bstopp commented 8 years ago

I can see the "edge case" growing quickly. I wouldn't want to create a whole new Sling filter proxy stack; maybe a "CommonsUrlFilterFeature" api that is limited to those required to mitigate risk in this project only?

davidjgonzalez commented 8 years ago

@bstopp +1 to the interface/bound services approach. Makes it more extendable over time. Else we wind up with if/else all the way down.

davidjgonzalez commented 7 years ago

@hkuiyo also, FWIW, the OOTB Image component has this vector as well -- as it includes a modification timestamp in the URL.
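The mitigation the thread converges on is a request filter that only serves a versioned clientlib when its selector is exactly the library's current md5, so the Dispatcher never caches an attacker-chosen filename. The following is an added illustration of that decision logic, not ACS AEM Commons code; the `CLIENTLIBS` store and `decide`/`expected_hash` names are constructed stand-ins for what a real filter would resolve through AEM's library manager.

```python
import hashlib

# Constructed stand-in for the clientlib store (library path -> content).
# A real Sling filter would resolve the library through AEM instead.
CLIENTLIBS = {
    "/etc/clientlibs/site/app.js": b"(function(){console.log('app')})();",
    "/etc/clientlibs/site/app.css": b"body{margin:0}",
}
MD5_HEX_LEN = 32  # the only selector length a genuine md5 hash can have


def expected_hash(library_path):
    """md5 hex digest a versioned URL for this library must carry, or None."""
    content = CLIENTLIBS.get(library_path)
    return hashlib.md5(content).hexdigest() if content is not None else None


def decide(request_path):
    """Filter decision for a Sling-style request /dir/name.<sel>...<sel>.ext.

    Returns None  -> not a clientlib request, let Sling proceed
            200   -> plain request, or selector equals the current md5
            404   -> unknown library, wrong length, or stale/forged hash
    Everything other than the one valid hash is refused, so the Dispatcher
    cache holds at most one versioned filename per library.
    """
    directory, _, filename = request_path.rpartition("/")
    parts = filename.split(".")
    if len(parts) < 2 or parts[-1] not in ("js", "css"):
        return None
    name, selectors, ext = parts[0], parts[1:-1], parts[-1]
    if selectors and selectors[0] == "min":
        selectors = selectors[1:]  # the minification selector is legitimate
    expected = expected_hash(f"{directory}/{name}.{ext}")
    if expected is None:
        return 404  # library does not exist
    if not selectors:
        return 200  # unversioned request, nothing to validate
    if len(selectors) != 1 or len(selectors[0]) != MD5_HEX_LEN:
        return 404  # extra selectors, or a "hash" of any length but 32
    if selectors[0] != expected:
        return 404  # hash is 32 chars but is not this library's digest
    return 200


if __name__ == "__main__":
    good = f"/etc/clientlibs/site/app.min.{expected_hash('/etc/clientlibs/site/app.js')}.js"
    print(decide(good), decide("/etc/clientlibs/site/app.min.deadbeef.js"))
```

Only the single URL carrying the real digest reaches the library servlet; every other selector value is answered with 404 instead of a cacheable copy.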