Mercurial > libervia-web
annotate .hgtags @ 956:dabecab10faa
server (pages): implemented CSRF protection:
A basic CSRF protection has been implemented using a CSRF token. The token is created on session creation, and checked on data post.
The process should be fully automatic, and a hidden field is added in forms in sat_templates when csrf_token is present in template data (requires importing input/form.html with context).
If the token is wrong or absent, an unauthorized error page is returned (and the client IP is logged).
Also, inlineCallbacks is no longer used in _on_data_post, as StopIteration exceptions are caught by inlineCallbacks, resulting in bad behaviour. As a further security measure, getPostedDate raises a KeyError instead of StopIteration if a specific key is looked for and missing.
Added HTTP_SEE_OTHER status code in constants.
author | Goffi <goffi@goffi.org> |
---|---|
date | Mon, 10 Jul 2017 19:10:31 +0200 |
parents | f38b8be94131 |
children | f72064f29d2a |
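
The token flow the commit message above describes (token minted with the session, hidden form field, check on POST, rejection with the client IP logged), as an added Python example that is not libervia-web's own code. `Session`, `get_posted_data`, `hidden_field`, `on_data_post`, the 401 status and the name-to-list form shape are assumptions made for illustration.

```python
import hmac
import html
import logging
import secrets

log = logging.getLogger("csrf_example")
HTTP_OK, HTTP_UNAUTHORIZED = 200, 401  # assumed status codes for this sketch


class Session:
    """Hypothetical server-side session: the token is minted once, at creation."""
    def __init__(self):
        self.csrf_token = secrets.token_urlsafe(32)  # 256 bits from the OS CSPRNG


def get_posted_data(form, key):
    """Return the first posted value for key (form maps name -> list of values).

    A missing key raises KeyError rather than StopIteration, the exception the
    commit message reports being swallowed by inlineCallbacks.
    """
    values = form.get(key)
    if not values:
        raise KeyError(key)
    return values[0]


def hidden_field(session):
    """Markup a template would emit inside every form when a token is present."""
    token = html.escape(session.csrf_token, quote=True)
    return f'<input type="hidden" name="csrf_token" value="{token}">'


def on_data_post(session, form, client_ip):
    """Check the posted token before any handler touches the posted data."""
    try:
        posted = get_posted_data(form, "csrf_token")
    except KeyError:
        posted = ""
    # Constant-time comparison on bytes; an empty or wrong token never matches.
    if not hmac.compare_digest(posted.encode(), session.csrf_token.encode()):
        log.warning("CSRF token missing or invalid (client ip: %s)", client_ip)
        return HTTP_UNAUTHORIZED
    return HTTP_OK


if __name__ == "__main__":
    s = Session()  # constructed sample requests, documentation-range IP
    print(on_data_post(s, {"csrf_token": [s.csrf_token]}, "203.0.113.7"))
    print(on_data_post(s, {"name": ["x"]}, "203.0.113.7"))
```
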
rev | line source |
---|---|
63 | 1 12e889a683ce07bfdb66ca3952c93fd97329d70c SàT v0.2.0 |
170 | 2 732ed69ffe11a5116dc9f8e0b084d47cc3f5a658 SàT v0.3.0 |
386 | 3 f2c380af7304d65703cf2f88882d08b4236fd36e SàT v0.4.0 |
550 | 4 ff03fdb5215d31e65123da6646589f9393fcd929 SàT v0.5.0 |
552 | 5 9b217e14fc6a515902a66f719f3131250e83ea56 SàT v0.5.1 |
792 | 6 0af8a88ef6cd67563075f9daf2a66c4ce98c8443 0.6.0 |
908 | 7 3d372805f60c80f03bc59430581c5a8958ed436e 0.6.1 |