Mercurial > p > roundup > code
changeset 7507:f3c456e9a6c2
Link to example advanced xmlrpc client and recommend it first.
Change link from xmlrpc.html to the section referenced. Also recommend
changing the client first rather than disabling csrf protection.
| author | John Rouillard <rouilj@ieee.org> |
|---|---|
| date | Wed, 21 Jun 2023 15:02:01 -0400 |
| parents | 38de0d748284 |
| children | 055f47b41b8b |
| files | doc/upgrading.txt |
| diffstat | 1 files changed, 14 insertions(+), 9 deletions(-) [+] |
line wrap: on
line diff
--- a/doc/upgrading.txt Wed Jun 21 14:53:23 2023 -0400 +++ b/doc/upgrading.txt Wed Jun 21 15:02:01 2023 -0400 @@ -1455,19 +1455,24 @@ xmlrpclib.Fault: <Fault 1: "<class 'roundup.exceptions.UsageError'>:Required Header Missing"> -change the setting of csrf_enforce_header_x-requested-with in -config.ini to no. So it looks like:: - - csrf_enforce_header_x-requested-with = no - -Alternatively change your xmlrpc client to add appropriate headers to +change your xmlrpc client to add appropriate headers to the request including the: X-Requested-With: -header as well as any other required csrf headers (e.g. referer, origin) -configured in config.ini. See the advanced python client at the end of -the `xmlrpc guide`_. +header as well as any other required csrf headers (e.g. referer, +origin) configured in config.ini. See the `advanced python client +<xmlrpc.html#advanced-python-client-adding-anti-csrf-headers>`_ at +the end of the xmlrpc guide. + +Alternatively change the setting of +csrf_enforce_header_x-requested-with in config.ini to ``no``. So it +looks like:: + + csrf_enforce_header_x-requested-with = no + +This is not recommended as it reduces csrf protection. + Support for SameSite cookie option for session cookie -----------------------------------------------------