Mercurial > libervia-web
annotate .hgignore @ 956:dabecab10faa
server (pages): impleted CSRF protection:
A basic CSRF protection has been implemented using CSRF token. The token is created on session creation, and checked on data post.
The process should be fully automatic, and a hidden field is added in forms in sat_templates when csrf_token is present in template data (require to import input/form.html with context).
If token is wrong on absent, an unauthorized error page is returned (and client ip is logged).
Also don't use anymore inlineCallbacks in _on_data_post, as StopIteration exception are catched by inlineCallbacks, resulting in bad behaviour. As a further security, getPostedDate raise a KeyError instead of StopIteration is a specific key is looked for and missing.
Added HTTP_SEE_OTHER status code in constants.
| author | Goffi <goffi@goffi.org> |
|---|---|
| date | Mon, 10 Jul 2017 19:10:31 +0200 |
| parents | a5019e62c3e9 |
| children | a44f77559279 |
| rev | line source |
|---|---|
| 0 | 1 syntax: glob |
| 2 *.pyc | |
| 3 *.pyv | |
| 4 *.swp | |
| 5 *.swo | |
| 6 *.js | |
| 7 tags | |
| 8 twistd.log | |
| 9 twistd.pid | |
| 10 sat.egg-info | |
| 11 *.un~ | |
| 12 dist | |
| 13 MANIFEST | |
| 14 *.sh | |
|
5
c8d3821efc36
added build/ and Session.vim to .hgignore
Goffi <goffi@goffi.org>
parents:
0
diff
changeset
|
15 build/ |
|
c8d3821efc36
added build/ and Session.vim to .hgignore
Goffi <goffi@goffi.org>
parents:
0
diff
changeset
|
16 Session.vim |
| 180 | 17 ctags_links/ |
|
589
a5019e62c3e9
browser side: big refactoring to base Libervia on QuickFrontend, first draft:
Goffi <goffi@goffi.org>
parents:
180
diff
changeset
|
18 html/ |