Mercurial Repository: p/roundup/code: roundup/cgi/client.py comparison

Documentation and fix for REST headers issue2551372 - Better document necessary headers for REST and fix logging to log missing Origin header.

author	Ralf Schlatterbeck <rsc@runtux.com>
date	Wed, 04 Dec 2024 10:45:26 +0100
parents	3f0f4746dc7e
children	e84d4585b16d

comparison

equal deleted inserted replaced

-:5ea419c1d571
+:bd628e64725f
 # verify Origin is allowed on all requests including GET.
 # If a GET, missing origin is allowed  (i.e. same site GET request)
 if not self.is_origin_header_ok(api=True):
 if 'HTTP_ORIGIN' not in self.env:
 msg = self._("Required Header Missing")
+err = 'Origin header missing'
 else:
 msg = self._("Client is not allowed to use Rest Interface.")
+err = 'Unauthorized for REST request'
 # Use code 400. Codes 401 and 403 imply that authentication
 # is needed or authenticated person is not authorized.
 # Preflight doesn't do authentication.
 output = s2b(
 '{ "error": { "status": 400, "msg": "%s" } }' % msg)
 self.reject_request(output,
 message_type="application/json",
 status=400)
+logger.error(err)
 return
 # Handle CORS preflight request. We know rest is enabled
 # because handle_rest is called. Preflight requests
 # are unauthenticated, so no need to check permissions.

Mercurial > p > roundup > code