Project

General

Profile

Development #8937

Improve decorators.json

Added by Benjamin Dauvergne over 5 years ago. Updated about 3 years ago.

Status:
Fermé
Priority:
Normal
Category:
-
Target version:
Start date:
10 Nov 2015
Due date:
% Done:

100%

Estimated time:
Patch proposed:
Yes
Planning:

Description

We do not differentiate JSONP from AJAX when checking for Origin, but we should as rules governing this two modes are different:
  • with AJAX/CORS it's garanteed by the browser that an Origin header will be present if not, it's a direct call and should not be blocked
  • with JSONP it can happen that the user is behind proxy removing Referer in this case we should block the call

Files

Associated revisions

Revision a6bd4f50 (diff)
Added by Benjamin Dauvergne over 5 years ago

improve AJAX/JSONP support in decorators.json (fixes #8937)

History

#2

Updated by Benjamin Dauvergne over 5 years ago

Tests coming soon.

#3

Updated by Benjamin Dauvergne over 5 years ago

  • Status changed from Nouveau to Résolu (à déployer)
  • % Done changed from 0 to 100
#4

Updated by Benjamin Dauvergne about 5 years ago

  • Status changed from Résolu (à déployer) to Solution déployée
#5

Updated by Benjamin Dauvergne about 3 years ago

  • Status changed from Solution déployée to Fermé

Also available in: Atom PDF