comparison doc/xmlrpc.txt @ 5219:ade4bbc2716d

Update the xmlrpc documentation for use with the CSRF defenses.
author John Rouillard <rouilj@ieee.org>
date Mon, 27 Mar 2017 23:04:30 -0400
parents 47cc50617e19
children 14d8f61e6ef2
5218:44f7e6b958fe 5219:ade4bbc2716d
105 dictionary of name value pairs to search for. See also :ref:`query-tracker`. 105 dictionary of name value pairs to search for. See also :ref:`query-tracker`.
106 ======= ==================================================================== 106 ======= ====================================================================
107 107
108 sample python client 108 sample python client
109 ==================== 109 ====================
110 :: 110
111 This client will work if you turn off the x-requested-with header and
112 the only CSRF header check you require is the HTTP host header::
111 113
112 >>> import xmlrpclib 114 >>> import xmlrpclib
113 >>> roundup_server = xmlrpclib.ServerProxy('http://admin:admin@localhost:8917/demo/xmlrpc', allow_none=True) 115 >>> roundup_server = xmlrpclib.ServerProxy('http://admin:admin@localhost:8917/demo/xmlrpc', allow_none=True)
114 >>> roundup_server.schema() 116 >>> roundup_server.schema()
115 {'user': [['username', '<roundup.hyperdb.String>'], ...], 'issue': [...]} 117 {'user': [['username', '<roundup.hyperdb.String>'], ...], 'issue': [...]}
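Review bot: "turn off the x-requested-with header" at new line 111 reads as if the client should stop sending a header, but this client never sends one; what has to be turned off is the tracker's check for that header. Suggest wording such as "if the tracker does not require the X-Requested-With header" and a pointer to where that check is configured. Since the paragraph now introduces the example at new line 115, which puts admin:admin in an http:// URL, a short remark that it targets a local demo tracker would help readers who copy it.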
134 [] 136 []
135 >>> roundup_server.filter('user',[],{'username':'adm'}) 137 >>> roundup_server.filter('user',[],{'username':'adm'})
136 [] 138 []
137 >>> roundup_server.lookup('user','admin') 139 >>> roundup_server.lookup('user','admin')
138 '1' 140 '1'
141
142 The one below adds Referer and X-Requested-With headers so it can pass
143 stronger CSRF detection methods. Note if you are using http rather
144 than https, replace xmlrpclib.SafeTransport with xmlrpclib.Transport::
145
146 import xmlrpclib
147
148 class SpecialTransport(xmlrpclib.SafeTransport):
149
150 def send_content(self, connection, request_body):
151
152 connection.putheader("Referer", "https://localhost/demo/")
153 connection.putheader("Origin", "https://localhost")
154 connection.putheader("X-Requested-With", "XMLHttpRequest")
155
156 connection.putheader("Content-Type", "text/xml")
157 connection.putheader("Content-Length", str(len(request_body)))
158 connection.endheaders()
159 if request_body:
160 connection.send(request_body)
161
162 roundup_server = xmlrpclib.ServerProxy(
163 'https://admin:admin@localhost/demo/xmlrpc',
164 transport=SpecialTransport(),
165 verbose=False,
166 allow_none=True)
167
168 print roundup_server.schema()
169 print roundup_server.display('user2', 'username')
170 print roundup_server.display('issue1', 'status')
171 print roundup_server.filter('user',['1','2','3'],{'username':'demo'})
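Review bot: the paragraph at new lines 142-144 says the client adds Referer and X-Requested-With, but send_content also sets Origin at line 153; list all three so readers can tell which checks the example is meant to satisfy. The advice to swap xmlrpclib.SafeTransport for xmlrpclib.Transport on http should also say that the hardcoded "https://localhost" values in Referer and Origin, and the ServerProxy URL at line 163, need to be changed to the tracker's own scheme and host. Minor style point: "Note if you are using" would read better as "Note: if you are using".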

Roundup Issue Tracker: http://roundup-tracker.org/