| Thu, 23 Feb 2023 12:01:33 -0500 |
John Rouillard |
improve REST interface security
|
| Tue, 21 Feb 2023 22:35:58 -0500 |
John Rouillard |
Refactor rejecting requests; update tests, xfail test
|
| Tue, 21 Feb 2023 16:42:20 -0500 |
John Rouillard |
better rest Origin check; refactor CORS preflight code.
|
| Sun, 11 Dec 2022 18:54:21 -0500 |
John Rouillard |
bug: handle exception when origin header is missing
|
| Tue, 06 Dec 2022 15:07:18 -0500 |
John Rouillard |
pylint: fix first reference to properties outside of __init__
|
| Fri, 25 Nov 2022 22:25:17 -0500 |
John Rouillard |
Fix typo in comment.
|
| Thu, 24 Nov 2022 11:33:24 -0500 |
John Rouillard |
bug: fix crash unguarded reference allowed_origins[0]
|
| Wed, 23 Nov 2022 22:25:34 -0500 |
John Rouillard |
Remove dead code for handling LogoutAction.
|
| Wed, 23 Nov 2022 22:23:50 -0500 |
John Rouillard |
refactor: consolidate sets of identical log messages, flake8 fixes
|
| Mon, 21 Nov 2022 18:47:03 -0500 |
John Rouillard |
Fix internationalized strings with multiple unlabeled % replacements.
|
| Mon, 21 Nov 2022 18:26:07 -0500 |
John Rouillard |
Fix internationalized strings with multiple unlabeled % replacements.
|
| Wed, 14 Sep 2022 17:48:51 -0400 |
John Rouillard |
flake8 - remove re.compile from method arg + test + doc
|
| Wed, 14 Sep 2022 16:06:29 -0400 |
John Rouillard |
flake8 - bare exceptions
|
| Wed, 14 Sep 2022 15:59:59 -0400 |
John Rouillard |
flake8 - remove unused imports, unused vars, whitespace fixes
|
| Wed, 14 Sep 2022 15:08:54 -0400 |
John Rouillard |
flake8 whitespace fixes plus X == True -> X is True
|
| Thu, 01 Sep 2022 15:06:53 -0400 |
John Rouillard |
application/javascript is now text/javascript
|
| Wed, 03 Aug 2022 17:34:58 -0400 |
John Rouillard |
Refactor client.py session cookie code. Remove session db access.
|
| Tue, 07 Jun 2022 09:39:35 -0400 |
John Rouillard |
issue2551203 - Add support for CORS preflight request
|
| Tue, 17 May 2022 17:18:51 -0400 |
John Rouillard |
issue2551205: Add support for specifying valid origins for api: xmlrpc/rest
|
| Tue, 03 May 2022 14:51:59 +0200 |
Ralf Schlatterbeck |
Add i18n object to roundupdb.Database
|
| Mon, 02 May 2022 16:17:13 -0400 |
John Rouillard |
Fix header value. needs to be string not integer.
|
| Thu, 28 Apr 2022 19:21:08 -0400 |
John Rouillard |
Fix hang in unsatisfyable range or HEAD request for static file
|
| Sun, 23 Jan 2022 18:57:45 -0500 |
John Rouillard |
Summary: Add test cases for sqlite fts
|
| Sat, 11 Dec 2021 12:05:10 +0100 |
Christof Meerwald |
header values should always be strings (at least "flup" cares)
|
| Thu, 09 Dec 2021 20:11:58 -0500 |
John Rouillard |
Fix spurious content-ty on 304; xfail css Cache-Control
|
| Thu, 09 Dec 2021 17:36:08 -0500 |
John Rouillard |
issue2550991 - Some mechanism to set expiration header or max age for static resources
|
| Tue, 07 Dec 2021 11:15:04 -0500 |
John Rouillard |
issue2551178 - fix Traceback in Apache WSGI
|
| Wed, 01 Dec 2021 19:52:54 -0500 |
John Rouillard |
issue2551175 - Make ETag content-encoding aware.
|
| Sat, 16 Oct 2021 13:34:04 -0400 |
John Rouillard |
Fix 204 responses, hangs and crashes with REST.
|
| Wed, 06 Oct 2021 15:45:15 -0400 |
John Rouillard |
Eliminate hang with unauthorized use of REST interface.
|
| Wed, 18 Aug 2021 21:00:11 -0400 |
John Rouillard |
Fix typo referencing config.
|
| Sat, 24 Jul 2021 16:31:36 -0400 |
John Rouillard |
issue2551147 - Enable compression of http responses in roundup.
|
| Sat, 26 Jun 2021 20:59:33 -0400 |
John Rouillard |
Add image/svg-xml as valid type to serve.
|
| Mon, 14 Jun 2021 19:33:27 -0400 |
John Rouillard |
issue2550837 - New option for web auth (also http header passing)
|
| Sun, 18 Apr 2021 20:54:48 -0400 |
John Rouillard |
Fix issue2551129 - Template not found return 500 and traceback
|
| Wed, 09 Sep 2020 21:30:22 -0400 |
John Rouillard |
Replace http:....roundup-tracker.org with https.
|
| Fri, 31 Jul 2020 09:04:58 -0400 |
John Rouillard |
client.py fix comment typo
|
| Mon, 29 Jun 2020 15:48:04 +0200 |
Ralf Schlatterbeck |
New config-option 'cookie_takes_precedence'
|
| Sun, 12 Apr 2020 21:03:55 +0100 |
Christof Meerwald |
fixed logout action when there is no session
|
| Thu, 06 Feb 2020 19:48:22 +0000 |
Christof Meerwald |
changing the sid after checking for collisions defeats the purpose
|
| Mon, 13 Jan 2020 09:36:40 +0100 |
Ralf Schlatterbeck |
Add config option 'http_auth_convert_realm_to_lowercase'
|
| Tue, 31 Dec 2019 21:53:17 -0500 |
John Rouillard |
Bandit - ignore use of exec which re-raises exception
|
| Thu, 21 Nov 2019 20:50:56 -0500 |
John Rouillard |
Support setting cache-control headers for static files
|
| Wed, 23 Oct 2019 12:55:59 -0400 |
John Rouillard |
Fix crash bug where looking for @csrf in a form failed.
|
| Sat, 19 Oct 2019 16:35:08 -0400 |
John Rouillard |
Refactor jwt auth into authenticate_bearer_token() method on Client
|
| Sun, 13 Oct 2019 17:45:06 -0400 |
John Rouillard |
issue2550925 strip HTTP_PROXY environment variable
|
| Sat, 28 Sep 2019 18:28:17 -0400 |
John Rouillard |
Add "rest" and "xmlrpc" values for database tx_Source property
|
| Fri, 27 Sep 2019 23:29:59 -0400 |
John Rouillard |
add permissions to control user of rest and xmlrpc API interfaces.
|
| Fri, 27 Sep 2019 20:38:31 -0400 |
John Rouillard |
Add rudimentery experiment JSON Web Token (jwt) support
|
| Mon, 15 Jul 2019 20:59:12 -0400 |
John Rouillard |
Change microcopy for missing csrf to follow mismatched csrf. Fix tests.
|
| Mon, 15 Jul 2019 20:41:24 -0400 |
John Rouillard |
Fix microcopy for CSRF validation failure. Remove display of bad
|
| Sat, 06 Jul 2019 13:12:58 -0400 |
John Rouillard |
Fix problem with cgi.escape being depricated a different way. This way
|
| Wed, 12 Jun 2019 17:26:02 -0400 |
John Rouillard |
html.escape(string, quote=...) sets quote to True not False by
|
| Tue, 11 Jun 2019 22:37:22 -0400 |
John Rouillard |
catching last couple of cgi.escape references.
|
| Sat, 08 Jun 2019 21:10:39 -0400 |
John Rouillard |
issue2551046: Attempts to attach file or create large message fail
|
| Sun, 07 Apr 2019 20:27:25 -0400 |
John Rouillard |
Add CSRF protection to rest code path. Follow same model as for
|
| Sun, 24 Mar 2019 21:49:17 +0000 |
Joseph Myers |
Adjust make_file override to use binary files only when needed.
|
| Fri, 22 Mar 2019 23:59:02 -0400 |
John Rouillard |
Handle LoginError in rest code. Stop standard "an error occurred check
|
| Tue, 19 Mar 2019 22:01:13 -0400 |
John Rouillard |
Add missing caveat about the BinaryFieldStorage class.
|
| Tue, 19 Mar 2019 21:58:49 -0400 |
John Rouillard |
Implement different workaround for https://bugs.python.org/issue27777
|
