Message6355
Hi Cédric:
I applied the patch to my test instance and ran the unit tests
without any failures. I will try testing using straight CGI to
verify that it works there. Also I'll test with my
roundup-server instance.
I assume this has fixed your issue with wsgi and the CSRF code is now
working ok?
Where should this patch be applied? If I understand you correctly
this breaks CSRF behind a proxy (as X-FORWARDED-HOST is not mapped
correctly). It also breaks xmlrpc (but not REST yet) when
the X-REQUESTED-WITH header is required.
It certainly needs to be applied to the tip, but maybe we also need
to create a branch from 1.6.0 and somebody can release a 1.6.1?
So what do you think?
-- rouilj |
|
Date |
User |
Action |
Args |
2019-02-19 00:39:42 | rouilj | set | messageid: <1550536782.56.0.745966646004.issue2551023@roundup.psfhosted.org> |
2019-02-19 00:39:42 | rouilj | set | recipients:
+ rouilj, schlatterbeck, ThomasAH, ced |
2019-02-19 00:39:42 | rouilj | link | issue2551023 messages |
2019-02-19 00:39:42 | rouilj | create | |
|