Roundup Tracker - Issues

Message7535

Author rouilj
Recipients marcus.priesch, rouilj
Date 2022-05-17.21:21:22
Message-id <1652822482.09.0.191735892951.issue2551205@roundup.psfhosted.org>
In-reply-to 
First pass at implementation.

Changes from spec:

confi.ini param is allowed_api_origins (shorter name).
Origin values are space (not comma) separated and must exactly equal the origin header value. 
So  https://foo.edu is not the same as https://Foo.edu.

It seems to me that these should be a case insensitive match, but the original CORS spec says 
case sensitive and the newer spec has nothing to say on it.

check_origin_header(self, api=False) renamed as is_origin_header_ok(self, api=false)

Swapped out xmlrpc parm for api param. Updated comments.

The code to handle preflight requests isn't done yet, so those items are still open.

Also until CORS preflight support is implemented for xmlrpc, I am not adding origin
filter there.

Docs updated.

changeset:   6681:ab2ed11c021e
History
Date User Action Args
2022-05-17 21:21:22rouiljsetmessageid: <1652822482.09.0.191735892951.issue2551205@roundup.psfhosted.org>
2022-05-17 21:21:22rouiljsetrecipients: + rouilj, marcus.priesch
2022-05-17 21:21:22rouiljlinkissue2551205 messages
2022-05-17 21:21:22rouiljcreate

Supported by The Python Software Foundation,
Powered by Roundup

Last modified: Fri Feb 28 22:02:04 EST 2020