Mercurial > p > roundup > code
comparison doc/rest.txt @ 5826:8e17c34a5cf0
issue2551048. Document WEB_SECRET_KEY in config.ini.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 25 Jun 2019 17:02:37 -0400 |
| parents | 352e78c3b4ab |
| children | da1f40b5148d |
comparison
equal
deleted
inserted
replaced
| 5825:bcb894bc9740 | 5826:8e17c34a5cf0 |
|---|---|
| 24 via the variable ``enable_rest`` which is ``yes`` by default. | 24 via the variable ``enable_rest`` which is ``yes`` by default. |
| 25 | 25 |
| 26 The REST api is reached via the ``/rest/`` endpoint of the tracker | 26 The REST api is reached via the ``/rest/`` endpoint of the tracker |
| 27 URL. Partial URLs paths below (not starting with https) will have | 27 URL. Partial URLs paths below (not starting with https) will have |
| 28 /rest removed for brevity. | 28 /rest removed for brevity. |
| 29 | |
| 30 Make sure that the ``secret_key`` option is defined in the | |
| 31 ``[web]`` section of your tracker's ``config.ini``. Following the | |
| 32 `upgrading directions`_ using ``roundup-admin ... updateconfig | |
| 33 ...`` will generate the ``secret_key`` comments and setting. Then | |
| 34 you can merge this into your ``config.ini``. If you are | |
| 35 installing a new tracker with ``roundup-admin ... install`` the | |
| 36 ``secret_key`` value is automatically set to some random value. | |
| 37 | |
| 38 If ``secret_key`` is not set, the etag value returned by a REST | |
| 39 call will be change on every call even though the item has not | |
| 40 changed. | |
| 41 | |
| 42 .. _upgrading directions: upgrading.html | |
| 29 | 43 |
| 30 Preventing CSRF Attacks | 44 Preventing CSRF Attacks |
| 31 ======================= | 45 ======================= |
| 32 | 46 |
| 33 Clients should set the header X-REQUESTED-WITH to any value and the | 47 Clients should set the header X-REQUESTED-WITH to any value and the |