Message6357
On 2019-02-19 00:39, John Rouillard wrote:
> I assume this has fixed your issue with wsgi and the CSRF code is now
> working ok?
Yes it did.
> Where should this patch be applied? If I understand you correctly
> this breaks CSRF behind a proxy (as X-FORWARDED-HOST is not mapped
> correctly). It also breaks xmlrpc (but not REST yet) when
> the X-REQUESTED-WITH header is required.
I got issue only with xmlrpc API for now. But no issue with CSRF because
my configuration is 'yes' and not 'required'.
> It certainly needs to be applied to the tip, but maybe we also need
> to create a branch from 1.6.0 and somebody can release a 1.6.1?
>
> So what do you think?
Yes it will be great to have a bugfix release.
Otherwise as the roundup package manager for Gentoo, I will have to
apply this patch on the 1.6.0 ebuild. |
|
Date |
User |
Action |
Args |
2019-02-19 08:54:04 | ced | set | recipients:
+ ced, schlatterbeck, rouilj, ThomasAH |
2019-02-19 08:54:04 | ced | link | issue2551023 messages |
2019-02-19 08:54:04 | ced | create | |
|