Skip to content

add require_csrf argument to add_jsonrpc_endpoint#47

Open
ztane wants to merge 3 commits into
Pylons:masterfrom
ztane:master
Open

add require_csrf argument to add_jsonrpc_endpoint#47
ztane wants to merge 3 commits into
Pylons:masterfrom
ztane:master

Conversation

@ztane

@ztane ztane commented Aug 29, 2017

Copy link
Copy Markdown

No description provided.

@ztane

ztane commented Aug 29, 2017

Copy link
Copy Markdown
Author

I didn't touch XML-RPC stuff, because I just need the JSON-RPC right now and ASAP.

@mmerickel mmerickel left a comment

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks this looks fine but prior to release this needs the following updates:

  • Fix exception views to always have require_csrf=False.
  • Drop support for Pyramid < 1.7 in tox.ini and in documentation.
  • Add require_csrf to xmlrpc.

Comment thread pyramid_rpc/jsonrpc.py
config.add_view(exception_view, route_name=name, context=Exception,
permission=NO_PERMISSION_REQUIRED)
permission=NO_PERMISSION_REQUIRED,
require_csrf=require_csrf)

Copy link
Copy Markdown
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This is an exception view, it should always have require_csrf=False.

Also the JsonRpcError exception view in the includeme should also have require_csrf=False.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants