Roundup Tracker - Issues

Issue 2551024

classification
Title: REST interface doesn't respect anti-CSRF header X-REQUESTED-WITH
Type: behavior Severity: normal
Components: Web interface Versions: devel
process
Status: fixed Resolution: fixed
Assigned To: rouilj Nosy List: rouilj, schlatterbeck
Priority: normal Keywords: Effort-Low, rest

Created on 2019-02-19 01:00 by rouilj, last changed 2019-06-02 00:23 by rouilj.

Messages
msg6356 Author: [hidden] (rouilj) Date: 2019-02-19 01:00
As part of the integration of the REST interface, the X-REQUESTED-WITH
HTTP header should be checked for existence just like the xmlrpc
interface.

See the handle_xmlrpc function for the validation code and copy
to handle_rest.

Note that there is a pending patch to make processing of the
X-REQUESTED-WITH header work under WSGI. Currently it is broken under
WSGI. See issue2551023.
msg6496 Author: [hidden] (rouilj) Date: 2019-06-02 00:23
fixed in rev5696:b67636bc87d0 on Sun Apr 07 20:27:25 2019 -0400
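
The header-presence check requested in msg6356, sketched as WSGI middleware. This is an added example, not Roundup's code and not the committed fix. The `/rest` prefix, the 400 response body and every name in it are assumptions.

```python
# Added example, not Roundup's code: the "/rest" prefix and all names are assumptions.
from wsgiref.util import setup_testing_defaults

REST_PREFIX = "/rest"  # assumed mount point of the REST interface


def has_requested_with(environ):
    """True when the request carries a non-empty X-Requested-With header.

    Under WSGI (PEP 3333) a request header arrives as an HTTP_* environ key,
    upper-cased with '-' replaced by '_'. An HTML form cannot set this header,
    and a cross-origin script can only send it after a CORS preflight.
    """
    return bool(environ.get("HTTP_X_REQUESTED_WITH", "").strip())


class RequireRequestedWith:
    """WSGI middleware: refuse REST requests that lack the header."""

    def __init__(self, app, prefix=REST_PREFIX):
        self.app = app
        self.prefix = prefix

    def __call__(self, environ, start_response):
        path = environ.get("PATH_INFO", "")
        in_rest = path == self.prefix or path.startswith(self.prefix + "/")
        if in_rest and not has_requested_with(environ):
            body = b'{"error": "Required Header Missing"}'
            start_response("400 Bad Request", [
                ("Content-Type", "application/json"),
                ("Content-Length", str(len(body)))])
            return [body]
        return self.app(environ, start_response)


def call(app, path, headers=None):
    """Drive a WSGI app with a constructed request; return (status, body)."""
    environ = {"PATH_INFO": path, "REQUEST_METHOD": "POST"}
    setup_testing_defaults(environ)
    for name, value in (headers or {}).items():
        environ["HTTP_" + name.upper().replace("-", "_")] = value
    seen = {}
    chunks = app(environ, lambda status, hdrs: seen.update(status=status))
    return seen["status"], b"".join(chunks)


def tracker(environ, start_response):  # stand-in for the real application
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"ok"]


guarded = RequireRequestedWith(tracker)
```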
History
Date User Action Args
2019-06-02 00:23:10 rouilj set keywords: + Effort-Low, rest
assignee: rouilj
status: new -> fixed
messages: + msg6496
resolution: fixed
2019-02-19 01:00:37 rouilj create