| From: | Magnus Hagander <magnus(at)hagander(dot)net> |
|---|---|
| To: | Marti Raudsepp <marti(at)juffo(dot)org> |
| Cc: | pgsql-www <pgsql-www(at)postgresql(dot)org> |
| Subject: | Re: [PATCH] Fix CSRF verification on /api/varnish/purge & misc |
| Date: | 2012-11-11 12:22:20 |
| Message-ID: | CABUevEx+=ymD=8WOwMKcfKBAgXX3KC6F_Lno=pZBDjo6xia_JQ@mail.gmail.com |
| Lists: | pgsql-www |
On Wed, Nov 7, 2012 at 10:30 PM, Marti Raudsepp <marti(at)juffo(dot)org> wrote:
> Hi list,
>
> Three more patches:
>
> 0001-Update-ssl_required-decorator-to-play-nice-with-othe.patch
>
> This is the important one to make /api/varnish/purge/ work again. The
> @ssl_required decorator now cooperates with other decorators and
> retains attributes, rather than overriding them all.
>
> The other 2 decorators in util/decorators.py probably also need this
> fix, but I decided not to do it now to reduce testing effort.
>
> 0002-Fix-small-bug-in-api_varnish_purge-error-path.patch
>
> Insignificant: return HttpResponse instead of raising it in error path.
>
> 0003-CSRF-verification-failure-now-returns-HTTP-403-Forbi.patch
>
> The CSRF failure view previously returned with HTTP status 200 OK.
> That's wrong -- apps and browsers should be signaled that the request
> failed. Now returns 403 Forbidden.

Hi

They look good based on description. However, I believe you forgot to
attach the actual files.

--
Magnus Hagander
Me: http://www.hagander.net/
Work: http://www.redpill-linpro.com/
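
The attribute loss that the quoted summary of patch 0001 describes, as an added example that is not part of the original message or of the pgweb code. `csrf_exempt` and `csrf_middleware` are simplified stand-ins for Django's, and the decorator ordering, the dict-shaped request and the names `ssl_required_naive`, `ssl_required_wrapped` and `make_purge` are assumptions.

```python
import functools

def csrf_exempt(view):
    # Simplified stand-in for Django's csrf_exempt: it marks the view
    # with an attribute that the CSRF middleware looks for.
    view.csrf_exempt = True
    return view

def csrf_middleware(view, request):
    # Simplified stand-in for the middleware decision. `request` is a
    # constructed dict, not a Django HttpRequest.
    if getattr(view, "csrf_exempt", False) or request.get("csrf_token_ok"):
        return view(request)
    return 403  # CSRF failure is reported as 403 Forbidden

def ssl_required_naive(view):
    # Returns a bare closure: attributes set on `view` by inner
    # decorators (csrf_exempt here) are not visible on the result.
    def wrapper(request):
        if not request.get("secure"):
            return 301  # redirect to https
        return view(request)
    return wrapper

def ssl_required_wrapped(view):
    # functools.wraps copies __name__, __doc__ and the view's __dict__,
    # so the csrf_exempt marker survives the wrapping.
    @functools.wraps(view)
    def wrapper(request):
        if not request.get("secure"):
            return 301
        return view(request)
    return wrapper

def make_purge(ssl_decorator):
    # Assumed ordering: the SSL decorator is outermost.
    @ssl_decorator
    @csrf_exempt
    def purge(request):
        return 200
    return purge

if __name__ == "__main__":
    api_call = {"secure": True}  # constructed: HTTPS, no CSRF token
    for deco in (ssl_required_naive, ssl_required_wrapped):
        print(deco.__name__, csrf_middleware(make_purge(deco), api_call))
```

With the naive decorator the exempt API view is rejected by the CSRF check; with the wrapping decorator the marker is retained and the call goes through.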