Mercurial > p > roundup > code
comparison roundup/configuration.py @ 7141:563f5327c5b5
clarify help text for * in allowed_api-origins
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 15 Feb 2023 12:03:35 -0500 |
| parents | 570abc4c6548 |
| children | 89a59e46b3af |
comparison
equal
deleted
inserted
replaced
| 7140:33124f6dc1c4 | 7141:563f5327c5b5 |
|---|---|
| 1316 value of the Origin header exactly. So 'https://bar.edu' and | 1316 value of the Origin header exactly. So 'https://bar.edu' and |
| 1317 'https://Bar.edu' are two different Origin values. Note that | 1317 'https://Bar.edu' are two different Origin values. Note that |
| 1318 the origin value is scheme://host. There is no path | 1318 the origin value is scheme://host. There is no path |
| 1319 component. So 'https://bar.edu/' would never be valid. | 1319 component. So 'https://bar.edu/' would never be valid. |
| 1320 Also the value * can be used to match any origin. Note that | 1320 Also the value * can be used to match any origin. Note that |
| 1321 this setting allows any other web page to make requests against | 1321 this value allows any web page on the internet to make |
| 1322 your roundup tracker and is not generally a good idea. | 1322 authenticated requests against your Roundup tracker and |
| 1323 is not a good idea. | |
| 1323 | 1324 |
| 1324 You need to set these if you have a web application on a | 1325 You need to set these if you have a web application on a |
| 1325 different origin accessing your roundup instance. | 1326 different origin accessing your roundup instance. |
| 1326 | 1327 |
| 1327 (The origin from the tracker.web setting in config.ini is | 1328 (The origin from the tracker.web setting in config.ini is |