view doc/glossary.txt @ 7155:89a59e46b3af

improve REST interface security

When using REST, we reflect the client's origin. If the wildcard '*' is used in allowed_api_origins all origins are allowed. When this is done, it also added an 'Access-Control-Allow-Credentials: true' header.

This Credentials header should not be added if the site is matched only by '*'. This header should be provided only for explicit origins (e.g. https://example.org) not for the wildcard.

This is now fixed for CORS preflight OPTIONS request as well as normal GET, PUT, DELETE, POST, PATCH and OPTIONS requests.

A missing Access-Control-Allow-Credentials will prevent the tracker from being accessed using credentials. This prevents an unauthorized third party web site from using a user's credentials to access information in the tracker that is not publicly available.

Added test for this specific case.

In addition, allowed_api_origins can include explicit origins in addition to '*'. '*' must be first in the list.

Also adapted numerous tests to work with these changes.

Doc updates.
author John Rouillard <rouilj@ieee.org>
date Thu, 23 Feb 2023 12:01:33 -0500
parents 9ca128103a3a
children 648d5916c248
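
The header decision that the commit message above describes, written out as an added Python example; it is not Roundup's own code. The function names, the whitespace-separated format of the setting, and the choice to send no CORS headers for an unmatched origin are assumptions.

```python
"""Added example: which CORS headers to send for a given Origin."""


def parse_allowed_origins(setting):
    """Split an allowed_api_origins value (whitespace-separated: assumed)."""
    origins = setting.split()
    if "*" in origins[1:]:
        # The commit message requires '*' to be first in the list.
        raise ValueError("'*' must be the first entry in allowed_api_origins")
    return origins


def cors_headers(request_origin, allowed_origins):
    """Return the CORS response headers for one request.

    request_origin is the value of the Origin request header, or None.
    The same decision applies to preflight OPTIONS and to normal requests.
    """
    if not request_origin:
        return {}  # no Origin header: nothing to reflect
    explicit = [o for o in allowed_origins if o != "*"]
    if request_origin in explicit:
        # Explicitly listed origin: reflect it and allow credentials.
        return {
            "Access-Control-Allow-Origin": request_origin,
            "Access-Control-Allow-Credentials": "true",
        }
    if "*" in allowed_origins:
        # Matched only by the wildcard: reflect the origin, but leave out
        # the Credentials header so the browser will not expose a
        # credentialed response to that site.
        return {"Access-Control-Allow-Origin": request_origin}
    return {}  # origin not allowed (assumption: send no CORS headers)


if __name__ == "__main__":
    # Constructed sample configuration and origins.
    allowed = parse_allowed_origins("* https://example.org")
    for origin in ("https://example.org", "https://other.example", None):
        print(origin, "->", cors_headers(origin, allowed))
```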

.. meta::
    :description:
        Definitions of terms used in the Roundup Issue Tracker
        documentation.

================
Roundup Glossary
================


class
   a definition of the properties and behaviour of a set of items
classname
   the name of a class. It must start with a letter, end with a letter
   or "_", and only have alphanumerics and "_" in the middle.
db (or hyperdb)
   a collection of items
designator
   a combined class + itemid reference to any item in the
   hyperdb. E.g. issue26. Note that form values can include
   something that looks like a designator composed of a classname, a
   dash '-', and a number. E.g. file-1. These
   are used to create new instances of a class via the web interface.
itemid
   a numeric reference to a particular item of one class
item
   a collection of data that forms one entry in the hyperdb.
property
   one element of data that makes up an item. In Roundup, the set
   of item properties may be changed as needed - even after the
   tracker has been initialised and used in production.
schema
   the definition of all the classes that make up a tracker
tracker
   the schema and hyperdb that form one issue tracker
tracker home
   the physical location on disk of a tracker


-----------------

Back to `Table of Contents`_

.. _`Table of Contents`: ../docs.html

