1. 20 Aug, 2021 4 commits
  2. 11 Aug, 2021 1 commit
    • Laurent Peuch's avatar
      fix: on /rqlio, csrf is activaved only on multipart/form-data · 42202cdd7c57
      Laurent Peuch authored
      POST for application/json are safe from csrf but not multipart/form-data.
      CSRF protection is thus disabled on application/json (no matter the authentications method).
      
      For multipart/form-data, there are 3 usecases:
      
      1. multipart/form-data authenticated by cookies (webrowser), this requires
         csrf and this is handled by MultipartRqlIOController.
      2. multipart/form-data anon user, this does not require csrf and this in
         handled by AnonMultipartRqlIOController
      3. multipart/form-data authenticated with authorization, this does not
         requires csrf as there is an authentification. This is not handled here
         but in signed-request that implements the authentification.
      42202cdd7c57
  3. 22 Jul, 2021 1 commit
  4. 03 Aug, 2021 1 commit
  5. 30 Jul, 2021 13 commits
  6. 17 Jul, 2021 1 commit
  7. 16 Jul, 2021 1 commit
  8. 21 Apr, 2021 1 commit
  9. 13 Jan, 2021 1 commit
  10. 09 Dec, 2020 1 commit
  11. 01 Dec, 2020 1 commit
  12. 25 Sep, 2020 1 commit
  13. 29 May, 2020 2 commits
  14. 20 Mar, 2020 1 commit
  15. 29 May, 2020 1 commit
  16. 28 May, 2020 2 commits
  17. 27 May, 2020 1 commit
  18. 18 May, 2020 2 commits
  19. 20 Mar, 2020 4 commits
    • Nicola Spanti's avatar
      Added tag 0.6.0 for changeset 8b1ab5688cc6 · 021a082c6db7
      Nicola Spanti authored
      021a082c6db7
    • Nicola Spanti's avatar
      [pkg] Version 0.6.0 · 8b1ab5688cc6
      Nicola Spanti authored
      - Python 2 support removed.
      - File cubicweb-rqlcontroller.spec seemed to be usefull only for
        Python 2.6, so we removed it.
      - We use mainly Debian 10 "Buster" that ships python3.7 for
        python3, so we consider that we won't support previous versions
        anymore. This cube is maintained just a bit and users should
        upgrade, so it does not sound a problem to remove support for
        things that should be upgraded.
      - With the same logic, the current last version of CubicWeb
        (3.27.3) is now required. In fact, the needed code in CubicWeb
        is not yet in a version, so it is not accurate, because the
        next one will be needed, but we would like not to wait to
        publish a new version of rqlcontroller.
      8b1ab5688cc6
    • Laurent Wouters's avatar
      [test] Add new test for rqlio v2.0 · c2f77ef03008
      Laurent Wouters authored
      c2f77ef03008
    • Nicola Spanti's avatar
      [test] Fix unittest_rqlcontroller.py because wsgi was removed · 9f3ff842c3bc
      Nicola Spanti authored
      We decide to support only the newest version of CubicWeb. Like
      this, it is easier to maintain and encourages users to upgrade.
      9f3ff842c3bc