[csw-devel] SF.net SVN: gar:[21929] csw/mgar/gar/v2/lib/web/pkgdb_web.py
wahwah at users.sourceforge.net
wahwah at users.sourceforge.net
Sat Sep 14 17:37:57 CEST 2013
Revision: 21929
http://gar.svn.sourceforge.net/gar/?rev=21929&view=rev
Author: wahwah
Date: 2013-09-14 15:37:57 +0000 (Sat, 14 Sep 2013)
Log Message:
-----------
pkgdb-web: If a package is not there, still allow
It's about XSS protection: the server should always return the Allow-From
header even when it returns a 404, otherwise clients (e.g. jQuery) return
errors.
Modified Paths:
--------------
csw/mgar/gar/v2/lib/web/pkgdb_web.py
Modified: csw/mgar/gar/v2/lib/web/pkgdb_web.py
===================================================================
--- csw/mgar/gar/v2/lib/web/pkgdb_web.py 2013-09-14 15:37:49 UTC (rev 21928)
+++ csw/mgar/gar/v2/lib/web/pkgdb_web.py 2013-09-14 15:37:57 UTC (rev 21929)
@@ -477,6 +477,7 @@
def GET(self, catrel_name, arch_name, osrel_name, catalogname):
"""Get a srv4 reference by catalog ane catalogname."""
+ web.header('Access-Control-Allow-Origin', '*')
try:
sqo_osrel, sqo_arch, sqo_catrel = models.GetSqoTriad(
osrel_name, arch_name, catrel_name)
@@ -500,7 +501,6 @@
srv4 = res.getOne()
mimetype, data = srv4.GetRestRepr()
web.header('Content-type', mimetype)
- web.header('Access-Control-Allow-Origin', '*')
return cjson.encode(data)
except sqlobject.main.SQLObjectNotFound:
raise web.notfound()
This was sent by the SourceForge.net collaborative development platform, the world's largest Open Source development site.
More information about the devel
mailing list