Project

General

Profile

Development #8937

Improve decorators.json

Added by Benjamin Dauvergne almost 4 years ago. Updated over 1 year ago.

Status:
Fermé
Priority:
Normal
Category:
-
Target version:
Start date:
10 Nov 2015
Due date:
% Done:

100%

Patch proposed:
Yes
Planning:
No

Description

We do not differentiate JSONP from AJAX when checking for Origin, but we should as rules governing this two modes are different:
  • with AJAX/CORS it's garanteed by the browser that an Origin header will be present if not, it's a direct call and should not be blocked
  • with JSONP it can happen that the user is behind proxy removing Referer in this case we should block the call

0001-improve-AJAX-JSONP-support-in-decorators.json.patch View (2.97 KB) Benjamin Dauvergne, 10 Nov 2015 10:27 AM

Associated revisions

Revision a6bd4f50 (diff)
Added by Benjamin Dauvergne almost 4 years ago

improve AJAX/JSONP support in decorators.json (fixes #8937)

History

#1 Updated by Benjamin Dauvergne almost 4 years ago

#2 Updated by Benjamin Dauvergne almost 4 years ago

Tests coming soon.

#3 Updated by Benjamin Dauvergne almost 4 years ago

  • Status changed from Nouveau to Résolu (à déployer)
  • % Done changed from 0 to 100

#4 Updated by Benjamin Dauvergne over 3 years ago

  • Status changed from Résolu (à déployer) to Solution déployée

#5 Updated by Benjamin Dauvergne over 1 year ago

  • Status changed from Solution déployée to Fermé

Also available in: Atom PDF