Mercurial > kallithea
view setup.cfg @ 5811:9b74296e6af6 stable
auth: further sanitize requests to prevent GET CSRF (CVE-2016-3691)
Routes allows GET requests to override the HTTP method, which breaks
the Kallithea CSRF protection (which only applies to POST requests).
This commit blocks such GET request, preventing CSRF attacks.
author | Søren Løvborg <sorenl@unity3d.com> |
---|---|
date | Tue, 19 Apr 2016 18:02:56 +0200 |
parents | 19267f233d39 |
children | d88077fae3d6 |
line wrap: on
line source
[egg_info] tag_build = tag_svn_revision = 0 tag_date = 0 [nosetests] verbose = True verbosity = 2 with-pylons = kallithea/tests/test.ini detailed-errors = 1 nologcapture = 1 [pytest] # only look for tests in kallithea/tests python_files = kallithea/tests/**/test_*.py addopts = # --verbose # show extra test summary info as specified by chars (f)ailed, (E)error, (s)skipped, (x)failed, (X)passed, (w)warnings. -rfEsxXw # Shorter scrollbacks; less stuff to scroll through --tb=short [compile_catalog] domain = kallithea directory = kallithea/i18n statistics = true [extract_messages] add_comments = TRANSLATORS: output_file = kallithea/i18n/kallithea.pot msgid-bugs-address = translations@kallithea-scm.org copyright-holder = Various authors, licensing as GPLv3 no-wrap = true [init_catalog] domain = kallithea input_file = kallithea/i18n/kallithea.pot output_dir = kallithea/i18n [update_catalog] domain = kallithea input_file = kallithea/i18n/kallithea.pot output_dir = kallithea/i18n previous = true [build_sphinx] source-dir = docs/ build-dir = docs/_build all_files = 1 [upload_sphinx] upload-dir = docs/_build/html