- 20 Aug, 2021 5 commits
-
-
Noé Gaumont authored
-
Noé Gaumont authored
-
Noé Gaumont authored
This is needed as rqlcontroller is listed as deps in signedrequest. This creates the following error in signedrequest: cubicweb._exceptions.ConfigurationError: cycles in graph: rqlcontroller -> signedrequest This is cubicweb related and not a cycle in deps directly.
-
Noé Gaumont authored
-
Noé Gaumont authored
-
- 11 Aug, 2021 1 commit
-
-
Laurent Peuch authored
POST for application/json are safe from csrf but not multipart/form-data. CSRF protection is thus disabled on application/json (no matter the authentications method). For multipart/form-data, there are 3 usecases: 1. multipart/form-data authenticated by cookies (webrowser), this requires csrf and this is handled by MultipartRqlIOController. 2. multipart/form-data anon user, this does not require csrf and this in handled by AnonMultipartRqlIOController 3. multipart/form-data authenticated with authorization, this does not requires csrf as there is an authentification. This is not handled here but in signed-request that implements the authentification.
-
- 22 Jul, 2021 1 commit
-
-
Laurent Peuch authored
-
- 03 Aug, 2021 1 commit
-
-
Cube Doctor authored
-
- 30 Jul, 2021 13 commits
-
-
Simon Chabot authored
-
Simon Chabot authored
-
Fabien Amarger authored
By the way move the extended version after all include to erase if needed
-
Fabien Amarger authored
-
Noé Gaumont authored
-
Noé Gaumont authored
-
Noé Gaumont authored
-
Noé Gaumont authored
-
Noé Gaumont authored
-
Simon Chabot authored
As of Cubicweb 3.32, there is a CSRF check on every controllers. However, the RQLIO one is a bit peculiar, as it is intended to be used by authenticated 3rd-parties, meaning that we can disable CSRF check because the RQLIO controllers does not rely on cookie authentication.
-
Fabien Amarger authored
-
Fabien Amarger authored
-
Fabien Amarger authored
because of CSRF
-
- 17 Jul, 2021 1 commit
-
-
Laurent Peuch authored
-
- 16 Jul, 2021 1 commit
-
-
Laurent Peuch authored
-
- 21 Apr, 2021 1 commit
-
-
Laurent Peuch authored
-
- 13 Jan, 2021 1 commit
-
-
Laurent Peuch authored
-
- 09 Dec, 2020 1 commit
-
-
Laurent Peuch authored
-
- 01 Dec, 2020 1 commit
-
-
Laurent Peuch authored
-
- 25 Sep, 2020 1 commit
-
-
Laurent Peuch authored
-
- 29 May, 2020 2 commits
-
-
François Ferry authored
-
François Ferry authored
-
- 20 Mar, 2020 1 commit
-
-
Nicola Spanti authored
It is usefull for download through PyPi, because it avoids to download the new version that only support Python 3 if it is still a Python 2 project.
-
- 29 May, 2020 1 commit
-
-
Laurent Wouters authored
-
- 28 May, 2020 2 commits
-
-
Guillaume Vandevelde authored
-
Nicola Spanti authored
-
- 27 May, 2020 1 commit
-
-
Frank Bessou authored
Its two class methods get_schema and get_schema_hash will only compute the schema once. They where computed every time the schema was requested. Closes #1.
-
- 18 May, 2020 2 commits
-
-
Guillaume Vandevelde authored
-
Guillaume Vandevelde authored
This object generates a schema usable by the cwclientlib API. Enable the schema generation to be done by the backend.
-
- 20 Mar, 2020 3 commits
-
-
Nicola Spanti authored
-
Nicola Spanti authored
- Python 2 support removed. - File cubicweb-rqlcontroller.spec seemed to be usefull only for Python 2.6, so we removed it. - We use mainly Debian 10 "Buster" that ships python3.7 for python3, so we consider that we won't support previous versions anymore. This cube is maintained just a bit and users should upgrade, so it does not sound a problem to remove support for things that should be upgraded. - With the same logic, the current last version of CubicWeb (3.27.3) is now required. In fact, the needed code in CubicWeb is not yet in a version, so it is not accurate, because the next one will be needed, but we would like not to wait to publish a new version of rqlcontroller.
-
Laurent Wouters authored
-