Roundup Tracker - Issues

Issue 2551024

classification
Title: REST interface doesn't respect anti-CSRF header X-REQUESTED-WITH
Type: behavior
Severity: normal
Components: Web interface
Versions: devel

process
Status: new
Resolution:
Dependencies:
Superseder:
Assigned To:
Nosy List: rouilj, schlatterbeck
Priority: normal
Keywords:

Created on 2019-02-19 01:00 by rouilj, last changed 2019-02-19 01:00 by rouilj.

Messages
msg6356 Author: [hidden] (rouilj) Date: 2019-02-19 01:00
As part of the integration of the REST interface, the X-REQUESTED-WITH
HTTP header should be checked for existence just like the xmlrpc
interface.

See the handle_xmlrpc function for the validation code and copy
to handle_rest.

Note that there is a pending patch to make processing of the
X-REQUESTED-WITH header work under WSGI. Currently it is broken under
WSGI. See issue2551023.
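
The header-presence check requested above, sketched as WSGI middleware. This is an added example, not part of the original issue and not Roundup's code; the `/rest/` prefix, the names `RequireRequestedWith`, `has_requested_with` and `demo_request`, and the choice to treat an empty value as missing are assumptions.

```python
from wsgiref.util import setup_testing_defaults

# Assumption: REST endpoints live under this path prefix (hypothetical).
REST_PREFIX = "/rest/"
# PEP 3333: the request header "X-Requested-With" reaches a WSGI app as
# this environ key (upper-cased, "-" replaced by "_", "HTTP_" prefix).
WSGI_KEY = "HTTP_X_REQUESTED_WITH"


def has_requested_with(environ):
    """True if the client sent a non-empty X-Requested-With header."""
    return bool(environ.get(WSGI_KEY, "").strip())


class RequireRequestedWith:
    """Reject REST requests lacking the header a plain HTML form cannot set."""

    def __init__(self, app, prefix=REST_PREFIX):
        self.app = app
        self.prefix = prefix

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        if path.startswith(self.prefix) and not has_requested_with(environ):
            body = b"Required header X-Requested-With missing\n"
            start_response("400 Bad Request", [
                ("Content-Type", "text/plain"),
                ("Content-Length", str(len(body))),
            ])
            return [body]
        return self.app(environ, start_response)


def demo_request(path, headers=None):
    """Send a constructed request through the middleware; return the status."""
    def inner_app(environ, start_response):
        start_response("200 OK", [("Content-Type", "text/plain")])
        return [b"ok\n"]

    environ = {"PATH_INFO": path, "REQUEST_METHOD": "POST"}
    setup_testing_defaults(environ)  # fills the remaining required keys
    environ.update(headers or {})
    seen = []
    RequireRequestedWith(inner_app)(environ, lambda s, h: seen.append(s))
    return seen[0]
```
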

History
Date User Action Args
2019-02-19 01:00:37 rouilj create