Mercurial > p > roundup > code
comparison doc/customizing.txt @ 5361:1d7363d8474b
typo fixes
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Thu, 12 Jul 2018 18:31:59 -0400 |
| parents | 01dabc0483b0 |
| children | dffa7d0df99c |
comparison
equal
deleted
inserted
replaced
| 5360:9deed9569617 | 5361:1d7363d8474b |
|---|---|
| 1696 | 1696 |
| 1697 Also a per form token (also called a nonce) can be enabled for | 1697 Also a per form token (also called a nonce) can be enabled for |
| 1698 the tracker using the ``csrf_enforce_token`` option in | 1698 the tracker using the ``csrf_enforce_token`` option in |
| 1699 config.ini. When enabled, roundup will validate a hidden form | 1699 config.ini. When enabled, roundup will validate a hidden form |
| 1700 field called ``@csrf``. If the validation fails (or the token | 1700 field called ``@csrf``. If the validation fails (or the token |
| 1701 is used more than one) the request is rejected. The ``@csrf`` | 1701 is used more than once) the request is rejected. The ``@csrf`` |
| 1702 input field is added automatically by calling the ``submit`` | 1702 input field is added automatically by calling the ``submit`` |
| 1703 function/path. It can also be added manually by calling | 1703 function/path. It can also be added manually by calling |
| 1704 anti_csrf_nonce() directly. For example: | 1704 anti_csrf_nonce() directly. For example: |
| 1705 | 1705 |
| 1706 <input name="@csrf" type="hidden" | 1706 <input name="@csrf" type="hidden" |
| 1720 The protection on the xmlrpc interface is untested, but is based | 1720 The protection on the xmlrpc interface is untested, but is based |
| 1721 on a valid header check against the roundup url and the presence | 1721 on a valid header check against the roundup url and the presence |
| 1722 of the ``X-REQUESTED-WITH`` header. Work to improve this is a | 1722 of the ``X-REQUESTED-WITH`` header. Work to improve this is a |
| 1723 future project after the 1.6 release. | 1723 future project after the 1.6 release. |
| 1724 | 1724 |
| 1725 The enforcement levels an be modified in ``config.ini``. Refer to | 1725 The enforcement levels can be modified in ``config.ini``. Refer to |
| 1726 that file for details. | 1726 that file for details. |
| 1727 | 1727 |
| 1728 Special form variables | 1728 Special form variables |
| 1729 ---------------------- | 1729 ---------------------- |
| 1730 | 1730 |