Development #8937
Improve decorators.json
Start date:
10 Nov 2015
Due date:
% Done:
100%
Patch proposed:
Yes
Planning:
No
Description
We do not differentiate JSONP from AJAX when checking for Origin, but we should, as the rules governing these two modes are different:
- with AJAX/CORS it's guaranteed by the browser that an Origin header will be present; if not, it's a direct call and should not be blocked
- with JSONP it can happen that the user is behind a proxy removing Referer; in this case we should block the call
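The two rules above, sketched as a framework-independent check. This is an added example, not the code from the attached patch or from authentic2. The names `normalize_origin` and `is_call_allowed`, the `jsonp` flag (the caller decides how a JSONP request is recognised) and the sample hosts are assumptions.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}


def normalize_origin(url):
    """Return 'scheme://host[:port]' for a URL, or None if it is unusable."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None  # covers 'null', relative URLs and non-HTTP schemes
    origin = "%s://%s" % (parts.scheme, parts.hostname)
    if port and port != DEFAULT_PORTS[parts.scheme]:
        origin += ":%d" % port
    return origin


def is_call_allowed(headers, jsonp, allowed_origins):
    """Apply the AJAX/CORS rule or the JSONP rule to one request.

    headers: dict of request headers (constructed input in this example)
    jsonp: True when the caller has identified the request as JSONP
    allowed_origins: iterable of whitelisted origins
    """
    allowed = {normalize_origin(o) for o in allowed_origins} - {None}
    if jsonp:
        # JSONP is a <script> include: there is no Origin header, only Referer.
        referer = headers.get("Referer")
        if not referer:
            return False  # Referer stripped (e.g. by a proxy): block
        # Compare the parsed origin exactly, never a string prefix of the URL.
        return normalize_origin(referer) in allowed
    origin = headers.get("Origin")
    if origin is None:
        return True  # no Origin on an AJAX endpoint: direct call, not blocked
    return normalize_origin(origin) in allowed
```

Comparing the parsed scheme, host and port instead of a prefix of the Referer string keeps a host such as `portal.example.org.attacker.example` from matching a whitelisted `portal.example.org`.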
Associated revisions
improve AJAX/JSONP support in decorators.json (fixes #8937)
History
#1 Updated by Benjamin Dauvergne about 4 years ago
- Patch proposed changed from No to Yes
- File 0001-improve-AJAX-JSONP-support-in-decorators.json.patch added
#2 Updated by Benjamin Dauvergne about 4 years ago
Tests coming soon.
#3 Updated by Benjamin Dauvergne about 4 years ago
- Status changed from New to Resolved (to be deployed)
- % Done changed from 0 to 100
Applied by commit authentic2|a6bd4f50589bdccb14a3e636fd542f660c88341d.
#4 Updated by Benjamin Dauvergne almost 4 years ago
- Status changed from Resolved (to be deployed) to Solution deployed
#5 Updated by Benjamin Dauvergne about 2 years ago
- Status changed from Solution deployed to Closed