Roundup Tracker - Issues

Message8242

Author rouilj
Recipients rouilj
Date 2025-01-01.02:55:29
Message-id <1735700130.2.0.685958817716.issue2551384@roundup.psfhosted.org>
In-reply-to 
I have the working, but some 400 errors turn into 403 errors. This happens for
malformed CORS preflight requests. Also if an Origin is invalid, but the user
doesn't have REST access, the returned code is now 403 when it was 400 before.

I don't think this is a problem. For CORS, an error is an error so I claim
400 or 403 is all the same.

By requiring the user to have REST access, unauthorized users can't probe
valid ORIGIN headers.

It does have an upgrading.txt info notice as well as a CHANGES.txt entry.
History
Date User Action Args
2025-01-01 02:55:30rouiljsetmessageid: <1735700130.2.0.685958817716.issue2551384@roundup.psfhosted.org>
2025-01-01 02:55:30rouiljsetrecipients: + rouilj
2025-01-01 02:55:30rouiljlinkissue2551384 messages
2025-01-01 02:55:29rouiljcreate

Supported by The Python Software Foundation,
Powered by Roundup

Last modified: Fri Feb 28 22:02:04 EST 2020