Mercurial Repository: p/roundup/code: doc/xmlrpc.txt comparison

comparison doc/xmlrpc.txt @ 5220:14d8f61e6ef2

Reimplemented anti-csrf measures by raising exceptions rather than returning booleans. Redoing it using exceptions was the easiest way to return proper xmlrpc fault messages to the clients. Also this code should now properly make values set in the form override values from the database. So no lost work under some circumstances if the csrf requirements are not met. Also this code does a better job of cleaning up old csrf tokens.

author	John Rouillard <rouilj@ieee.org>
date	Wed, 05 Apr 2017 20:56:08 -0400
parents	ade4bbc2716d
children	198b6e810c67

comparison

equal deleted inserted replaced

-:ade4bbc2716d
+:14d8f61e6ef2
 []
 >>> roundup_server.lookup('user','admin')
 '1'
 The one below adds Referer and X-Requested-With headers so it can pass
-stronger CSRF detection methods. Note if you are using http rather
+stronger CSRF detection methods. It also generates a fault message
-than https, replace xmlrpclib.SafeTransport with xmlrpclib.Transport::
+from the server and reports it. Note if you are using http rather than
+https, replace xmlrpclib.SafeTransport with xmlrpclib.Transport::
 import xmlrpclib
 class SpecialTransport(xmlrpclib.SafeTransport):
 print roundup_server.schema()
 print roundup_server.display('user2', 'username')
 print roundup_server.display('issue1', 'status')
 print roundup_server.filter('user',['1','2','3'],{'username':'demo'})
+# this will fail with a fault
+try:
+print roundup_server.filter('usr',['0','2','3'],{'username':'demo'})
+except Exception, msg:
+print msg

Mercurial > p > roundup > code

comparison doc/xmlrpc.txt @ 5220:14d8f61e6ef2