Mercurial > p > roundup > code
comparison roundup/configuration.py @ 5698:c7dd1cae3416
Update rest.txt example to include headers required for CSRF
validation. Update config doc: X-Requested-With is used with rest as
well as xmlrpc.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Mon, 08 Apr 2019 20:00:01 -0400 |
| parents | 79da1ca2f94b |
| children | cad18de2b988 |
comparison
equal
deleted
inserted
replaced
| 5697:5a9159ad773f | 5698:c7dd1cae3416 |
|---|---|
| 766 log if the field is invalid or missing, but accept | 766 log if the field is invalid or missing, but accept |
| 767 the post. | 767 the post. |
| 768 Set this to 'no' to ignore the field and accept the post. | 768 Set this to 'no' to ignore the field and accept the post. |
| 769 """), | 769 """), |
| 770 (CsrfSettingOption, 'csrf_enforce_header_X-REQUESTED-WITH', "yes", | 770 (CsrfSettingOption, 'csrf_enforce_header_X-REQUESTED-WITH', "yes", |
| 771 """This is only used for xmlrpc requests. This test is | 771 """This is only used for xmlrpc and rest requests. This test is |
| 772 done after Origin and Referer headers are checked. It only | 772 done after Origin and Referer headers are checked. It only |
| 773 verifies that the X-Requested-With header exists. The value | 773 verifies that the X-Requested-With header exists. The value |
| 774 is ignored. | 774 is ignored. |
| 775 Set this to 'required' to block the post and notify | 775 Set this to 'required' to block the post and notify |
| 776 the user if the header is missing or invalid. | 776 the user if the header is missing or invalid. |