Message6359
Hi Cédric:
In message <1550566540.06.0.890861302485.issue2551023@roundup.psfhosted.org>,
=?utf-8?q?C=C3=A9dric_Krier?= writes:
>Cédric Krier added the comment:
>
>Here is an updated version of the patch because I missed one check using
>the same variable for config and env.
Deployed to my instances.
>But maybe it will be better to also remove the - in the configuration.
Do you mean changing:
csrf_enforce_header_X-REQUESTED-WITH
to
csrf_enforce_header_X_REQUESTED_WITH
In this case the header's name in the http protocol is
X-REQUESTED-WITH right? This describes the actual header name one
would look for to find documentation. It does not describe the CGI
variable name mapped to that header. As a result I think it makes more
sense to stay with csrf_enforce_header_X-REQUESTED-WITH.
I'll see if somebody on the dev list is able/interested to do a 1.6.1
release. That should handle your immediate issue for a gentoo release. |
|
Date |
User |
Action |
Args |
2019-02-20 01:26:13 | rouilj | set | recipients:
+ rouilj, schlatterbeck, ThomasAH, ced |
2019-02-20 01:26:13 | rouilj | link | issue2551023 messages |
2019-02-20 01:26:13 | rouilj | create | |
|