Mercurial > libervia-web

view src/browser/public/libervia.html @ 956:dabecab10faa

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
server (pages): impleted CSRF protection: A basic CSRF protection has been implemented using CSRF token. The token is created on session creation, and checked on data post. The process should be fully automatic, and a hidden field is added in forms in sat_templates when csrf_token is present in template data (require to import input/form.html with context). If token is wrong on absent, an unauthorized error page is returned (and client ip is logged). Also don't use anymore inlineCallbacks in _on_data_post, as StopIteration exception are catched by inlineCallbacks, resulting in bad behaviour. As a further security, getPostedDate raise a KeyError instead of StopIteration is a specific key is looked for and missing. Added HTTP_SEE_OTHER status code in constants.
author Goffi <goffi@goffi.org>
date Mon, 10 Jul 2017 19:10:31 +0200
parents 03e9fe91081c
children
line wrap: on
line source

<!--
Libervia: a Salut à Toi frontend
Copyright (C) 2011  Jérôme Poisson (goffi@goffi.org)

This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
GNU Affero General Public License for more details.

You should have received a copy of the GNU Affero General Public License
along with this program.  If not, see <http://www.gnu.org/licenses/>.
-->

<html>
<head profile="http://www.w3.org/2005/10/profile">
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<meta name="pygwt:module" content="libervia_main">
<link rel='stylesheet' href='libervia.css'>
<link rel="icon" type="image/png" href="sat_logo_16.png">

<title>Libervia</title>
</head>
<body bgcolor="white">
<script language="javascript" src="bootstrap.js"></script>
<script language="javascript" src="favico.min.js"></script>
<iframe id='__pygwt_historyFrame' style='display:none;width:0;height:0;border:0'></iframe>
</body>
</html>