Roundup Tracker - Issues

Message6359

Author rouilj
Recipients ThomasAH, ced, rouilj, schlatterbeck
Date 2019-02-20.01:26:13
Message-id <20190220012605.496714C04F8@itserver6.localdomain>
In-reply-to <1550566540.06.0.890861302485.issue2551023@roundup.psfhosted.org>
Hi Cédric:

In message <1550566540.06.0.890861302485.issue2551023@roundup.psfhosted.org>,
=?utf-8?q?C=C3=A9dric_Krier?= writes:
>Cédric Krier added the comment:
>
>Here is an updated version of the patch because I missed one check using
>the same variable for config and env.

Deployed to my instances.

>But maybe it will be better to also remove the - in the configuration.

Do you mean changing:

  csrf_enforce_header_X-REQUESTED-WITH

to

  csrf_enforce_header_X_REQUESTED_WITH

In this case the header's name in the http protocol is
X-REQUESTED-WITH right? This describes the actual header name one
would look for to find documentation. It does not describe the CGI
variable name mapped to that header. As a result I think it makes more
sense to stay with csrf_enforce_header_X-REQUESTED-WITH.

I'll see if somebody on the dev list is able/interested to do a 1.6.1
release. That should handle your immediate issue for a gentoo release.
History
Date User Action Args
2019-02-20 01:26:13rouiljsetrecipients: + rouilj, schlatterbeck, ThomasAH, ced
2019-02-20 01:26:13rouiljlinkissue2551023 messages
2019-02-20 01:26:13rouiljcreate