1. 03 Jan, 2022 1 commit
  2. 15 Oct, 2021 1 commit
  3. 30 Sep, 2021 1 commit
  4. 11 Aug, 2021 1 commit
    • Laurent Peuch's avatar
      fix: on /rqlio, csrf is activaved only on multipart/form-data · 42202cdd7c57
      Laurent Peuch authored
      POST for application/json are safe from csrf but not multipart/form-data.
      CSRF protection is thus disabled on application/json (no matter the authentications method).
      
      For multipart/form-data, there are 3 usecases:
      
      1. multipart/form-data authenticated by cookies (webrowser), this requires
         csrf and this is handled by MultipartRqlIOController.
      2. multipart/form-data anon user, this does not require csrf and this in
         handled by AnonMultipartRqlIOController
      3. multipart/form-data authenticated with authorization, this does not
         requires csrf as there is an authentification. This is not handled here
         but in signed-request that implements the authentification.
      42202cdd7c57
  5. 30 Jul, 2021 4 commits
  6. 13 Jan, 2021 1 commit
  7. 27 May, 2020 1 commit
  8. 18 May, 2020 1 commit
  9. 20 Mar, 2020 1 commit
    • Laurent Wouters's avatar
      Enable answering RQL select queries with symbolic bindings · 8a3a9a4bada9
      Laurent Wouters authored
      This introduces a version 2.0 of the rqlio protocol that is able to answer
      select RQL queries with symbolic bindings (with the names of the selected
      variables) instead of the positional rows. Because this breaks compatibility
      with the 1.0 protocol, this change warrants a new version. The previous version
      continues to work alongside the new one.
      
      The end result is the ability to answer the query Any X WHERE X is CWEtype with
      [ { 'rows': [ [101], [102], [103], ...],
        'variables': ['X'] } ]
      instead of
      [ [[101], [102], [103], ...] ]
      
      In protocol version 2.0, when there are no variable names, the variables member
      is simply empty. In addition, the value of the 'rows' member of the response
      object is exactly the same as the total response in the previous protocol, which
      should help write fallback code in client libraries.
      8a3a9a4bada9
  10. 06 Feb, 2019 2 commits
  11. 21 Dec, 2018 1 commit
  12. 11 Jun, 2018 2 commits
  13. 04 Jun, 2018 3 commits
  14. 19 Jan, 2017 1 commit
  15. 01 Jul, 2015 1 commit
  16. 23 Jun, 2015 2 commits
  17. 21 Oct, 2014 1 commit
    • David Douard's avatar
      [view] add support for file-like content (closes #4508408) · 77903b0cab5e
      David Douard authored
      This allows to upload a binary content using a multipart/form-data request
      in which binary data (files) are part entries referenced by the
      'main' part (which is itself embedded as a 'file', ie.
      with a Content-Type set to application/octet-stream and a Content-Disposition
      which 'name' is set to 'json').
      
      The 'json' file is the list of queries serialized as a json string.
      
      The RQL argument values may be '__f<id>' to reference the multipart file '__f<id>'.
      
      See cwclientlib for tests and more details on how to build a proper request.
      77903b0cab5e
  18. 07 Oct, 2014 1 commit
  19. 03 Oct, 2014 2 commits
  20. 31 Jul, 2014 1 commit
  21. 13 Mar, 2014 1 commit
  22. 12 Mar, 2014 3 commits
  23. 11 Mar, 2014 1 commit
  24. 13 Dec, 2013 1 commit