Mercurial > p > roundup > code
view website/issues/html/home.about.html @ 6681:ab2ed11c021e
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
We now have an allow list to filter the hosts allowed to do api
requests. An element of this allow list must match the http ORIGIN
header exactly or the rest/xmlrpc CORS request will result in an
error.
The tracker host is always allowed to do a request.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Tue, 17 May 2022 17:18:51 -0400 |
| parents | 4155ed7f00f4 |
| children |
line wrap: on
line source
<!-- dollarId: issue.index,v 1.2 2001/07/29 04:07:37 richard Exp dollar--> <tal:block metal:use-macro="templates/page/macros/icing"> <title metal:fill-slot="head_title" i18n:translate="" > About this Tracker </title> <tal:block metal:fill-slot="body_title" i18n:translate=""> About this Tracker </tal:block> <div class="content" metal:fill-slot="content"> <span tal:condition="not:python:request.user.hasRole('Admin')" tal:omit-tag="python:1" i18n:translate=""> Please login with your username and password to find out about this tracker. </span> <div tal:condition="python:request.user.hasRole('Admin')" tal:omit-tag="python:1" i18n:translate=""> <div tal:replace="structure python:utils.AboutPage(db)"></div> </div> </div> </tal:block>