Mercurial Repository: p/roundup/code: doc/upgrading.txt comparison

comparison doc/upgrading.txt @ 7507:f3c456e9a6c2

Link to example advanced xmlrpc client and recommend it first. Change link from xmlrpc.html to the section referenced. Also recommend changing the client first rather than disabling csrf protection.

author	John Rouillard <rouilj@ieee.org>
date	Wed, 21 Jun 2023 15:02:01 -0400
parents	38de0d748284
children	273c8c2b5042

comparison

equal deleted inserted replaced

-:38de0d748284
+:f3c456e9a6c2
 When performing and xmlrpc call, if you see something like::
 xmlrpclib.Fault: <Fault 1: "<class
 'roundup.exceptions.UsageError'>:Required Header Missing">
-change the setting of csrf_enforce_header_x-requested-with in
+change your xmlrpc client to add appropriate headers to
-config.ini to no. So it looks like::
+the request including the:
+X-Requested-With:
+header as well as any other required csrf headers (e.g. referer,
+origin) configured in config.ini. See the `advanced python client
+<xmlrpc.html#advanced-python-client-adding-anti-csrf-headers>`_ at
+the end of the xmlrpc guide.
+Alternatively change the setting of
+csrf_enforce_header_x-requested-with in config.ini to ``no``. So it
+looks like::
 csrf_enforce_header_x-requested-with = no
-Alternatively change your xmlrpc client to add appropriate headers to
+This is not recommended as it reduces csrf protection.
-the request including the:
-X-Requested-With:
-header as well as any other required csrf headers (e.g. referer, origin)
-configured in config.ini. See the advanced python client at the end of
-the `xmlrpc guide`_.
 Support for SameSite cookie option for session cookie
 -----------------------------------------------------
 Support for serving the session cookie using the SameSite cookie option

Mercurial > p > roundup > code

comparison doc/upgrading.txt @ 7507:f3c456e9a6c2