1. 20 Aug, 2021 2 commits
  2. 11 Aug, 2021 1 commit
      fix: on /rqlio, csrf is activated only on multipart/form-data · 42202cdd7c57
      Laurent Peuch authored
      POST for application/json is safe from csrf, but not multipart/form-data.
      CSRF protection is thus disabled on application/json (no matter the authentication method).
      For multipart/form-data, there are 3 use cases:
      1. multipart/form-data authenticated by cookies (web browser), this requires
         csrf and this is handled by MultipartRqlIOController.
      2. multipart/form-data anon user, this does not require csrf and this is
         handled by AnonMultipartRqlIOController
      3. multipart/form-data authenticated with authorization, this does not
         require csrf as there is an authentication. This is not handled here
         but in signed-request that implements the authentication.
  3. 30 Jul, 2021 8 commits
  4. 13 Jan, 2021 1 commit
  5. 29 May, 2020 1 commit
  6. 20 Mar, 2020 1 commit
  7. 28 May, 2020 1 commit
  8. 27 May, 2020 1 commit
  9. 18 May, 2020 2 commits
  10. 20 Mar, 2020 3 commits
      [pkg] Version 0.6.0 · 8b1ab5688cc6
      Nicola Spanti authored
      - Python 2 support removed.
      - File cubicweb-rqlcontroller.spec seemed to be useful only for
        Python 2.6, so we removed it.
      - We mainly use Debian 10 "Buster" that ships python3.7 for
        python3, so we consider that we won't support previous versions
        anymore. This cube is maintained just a bit and users should
        upgrade, so it does not sound like a problem to remove support for
        things that should be upgraded.
      - With the same logic, the current last version of CubicWeb
        (3.27.3) is now required. In fact, the needed code in CubicWeb
        is not yet in a version, so it is not accurate, because the
        next one will be needed, but we would like not to wait to
        publish a new version of rqlcontroller.
      [test] Fix unittest_rqlcontroller.py because wsgi was removed · 9f3ff842c3bc
      Nicola Spanti authored
      We decide to support only the newest version of CubicWeb. Like
      this, it is easier to maintain and encourages users to upgrade.
      Enable answering RQL select queries with symbolic bindings · 8a3a9a4bada9
      Laurent Wouters authored
      This introduces a version 2.0 of the rqlio protocol that is able to answer
      select RQL queries with symbolic bindings (with the names of the selected
      variables) instead of the positional rows. Because this breaks compatibility
      with the 1.0 protocol, this change warrants a new version. The previous version
      continues to work alongside the new one.
      The end result is the ability to answer the query Any X WHERE X is CWEtype with
      [ { 'rows': [ [101], [102], [103], ...],
        'variables': ['X'] } ]
      instead of
      [ [[101], [102], [103], ...] ]
      In protocol version 2.0, when there are no variable names, the variables member
      is simply empty. In addition, the value of the 'rows' member of the response
      object is exactly the same as the total response in the previous protocol, which
      should help write fallback code in client libraries.
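
The fallback handling that the rqlio 2.0 commit message above mentions, as an added example that is not code from the cube or from the commit: a client-side normalizer that accepts either response shape after JSON decoding and validates it before use. The function names are hypothetical, and treating a missing 'variables' member as empty and expecting one name per column are assumptions.

```python
from typing import Any, Dict, List


def normalize_rqlio_response(payload: Any) -> List[Dict[str, list]]:
    """Return one {'variables', 'rows'} dict per query, for 1.0 or 2.0 replies."""
    if not isinstance(payload, list):
        raise ValueError("rqlio response must be a JSON array")
    results = []
    for index, item in enumerate(payload):
        if isinstance(item, dict):  # 2.0: object with 'rows' and 'variables'
            if "rows" not in item:
                raise ValueError(f"result {index}: missing 'rows'")
            rows = item["rows"]
            # Assumption: a missing 'variables' member is treated as empty.
            variables = item.get("variables", [])
        else:  # 1.0: the item is the positional row list itself
            rows, variables = item, []
        # The server reply is untrusted input: check shapes before use.
        if not isinstance(rows, list) or not all(isinstance(r, list) for r in rows):
            raise ValueError(f"result {index}: 'rows' must be a list of lists")
        if not isinstance(variables, list) or not all(
            isinstance(v, str) for v in variables
        ):
            raise ValueError(f"result {index}: 'variables' must be a list of strings")
        results.append({"variables": variables, "rows": rows})
    return results


def rows_as_bindings(result: Dict[str, list]) -> List[Dict[str, Any]]:
    """Turn positional rows into {variable: value} dicts (needs 2.0 names)."""
    names = result["variables"]
    if not names:
        raise ValueError("no variable names: 1.0 reply or unnamed selection")
    # Assumption: one name per column; refuse rather than guess on mismatch.
    if any(len(row) != len(names) for row in result["rows"]):
        raise ValueError("row width does not match the number of variables")
    return [dict(zip(names, row)) for row in result["rows"]]


# Constructed sample replies, shaped like the two forms in the commit message.
V1_REPLY = [[[101], [102], [103]]]
V2_REPLY = [{"rows": [[101], [102], [103]], "variables": ["X"]}]

if __name__ == "__main__":
    for reply in (V1_REPLY, V2_REPLY):
        print(normalize_rqlio_response(reply))
    print(rows_as_bindings(normalize_rqlio_response(V2_REPLY)[0]))
```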
  11. 07 Feb, 2019 1 commit
  12. 06 Feb, 2019 3 commits
  13. 21 Dec, 2018 1 commit