Custom Query (1173 matches)
Results (271 - 273 of 1173)
| Ticket | Resolution | Summary | Owner | Reporter |
|---|---|---|---|---|
| #305 | FIXED | Getting unwarranted exceptions (from CSRF code) when crawled by GoogleBot & friends | ||
| Description |
Errors are like so:
::
Error - <type 'exceptions.AttributeError'>: 'BaseResponse' object has no attribute 'vary'
URL: http://mediagoblin.com/tag/barcelona/atom/
File '/srv/mediagoblin.com/lib/python2.6/site-packages/Paste-1.7.5.1-py2.6.egg/paste/exceptions/errormiddleware.py', line 144 in __call__
app_iter = self.application(environ, sr_checker)
File '/srv/mediagoblin.com/lib/python2.6/site-packages/Beaker-1.6.1-py2.6.egg/beaker/middleware.py', line 155 in __call__
return self.wrap_app(environ, session_start_response)
File '/srv/mediagoblin.com/src/mediagoblin/mediagoblin/app.py', line 175 in __call__
m.process_response(request, response)
File '/srv/mediagoblin.com/src/mediagoblin/mediagoblin/middleware/csrf.py', line 101 in process_response
response.vary = (response.vary or []) + ['Cookie']
AttributeError: 'BaseResponse' object has no attribute 'vary'
It looks like there is no response.vary, which is what is causing
this error...
|
|||
| #331 | FIXED | Allow prevention of csrf protection | ||
| Description |
Intro¶
======
Sounds strange, right?
Well, if we want to implement most APIs, we need to handle POST
security directly in the views and our current CSRF protection will
interfere.
So we need to disable it on a pre view basis.
How to mark views for disabling csrf protection¶
================================================
We have two simple options:
On the view directly¶
---------------------
::
def disable_csrf_protection(func):
func.no_csrf = True
return func
@disable_csrf_protection
def view(...):
I prefer this one.
In the Routing tables¶
----------------------
::
Route('mediagoblin.auth.resend_verification', '/resend_verification/',
no_csrf=True,
controller='mediagoblin.auth.views:resend_activation'),
Middleware needs¶
=================
Currently the middleware (meddleware) handles requests before they
hit routing. So inside the middleware we don't know the routing
table entry / controller.
So we should either add a "post routing" middleware method or move
the current handling a bit down.
|
|||
| #552 | fixed | GMGTableBase uses default kwarg of {} in methods | ||
| Description |
A few places in GMGTableBase have method definitions that look something like: def find_one(cls, query_dict={}):
...
This is almost certainly not what the authors intended. The default argument list is only evaluated once during execution, at import time. The code above creates a single dictionary as the default, and if this is mutated down the line, the mutated value becomes the default for subsequent calls. In these particular cases it's unlikely to cause problems -- that argument will almost certainly be passed in -- but in the event it's not, this can cause very strange, difficult to diagnose behavior. The correct approach is to use an immutable value as an argument default. Note that this same problem exists for class level attributes: defining a class such as: class Foo(object):
bar = {}
means that for *every* instance of |
|||
