Martin Zimmermann
dcbe282c34
rm extras/multi-site.rst, already in configuration/setup.rst
11 years ago
Martin Zimmermann
990688f6e0
Merge branch 'fix/multsite'
11 years ago
Martin Zimmermann
adc722359d
move application export to isso.run
...
When using Gunicorn or uWSGI to run `isso.dispatch` it would
automatically initialize a default Isso instance (and cause
several logging messages), although never used.
If you use uWSGI or Gunicorn, you have to change the module from
`isso` to `isso.run`.
11 years ago
Martin Zimmermann
b15f17738e
isso.dispatch now dispatches multiple sites based on relative URLs
...
The previous approach using a custom X-Custom header did work for the
client-side, but not for activation and deletion links. Now, you need
to add a `name = foo` option to the general section. `isso.dispatch`
then binds this configuration to /foo and can distinguish all API
calls without a special HTTP header.
11 years ago
Martin Zimmermann
ac74418179
move dispatch into isso package
11 years ago
Martin Zimmermann
ebad039d0e
Merge pull request #43 from FedericoCeratto/patch-1
...
Create example.conf
11 years ago
Federico Ceratto
9f40ba848d
Create example.conf
...
Example configuration with comments
11 years ago
Martin Zimmermann
982316c04b
show PHP #vulnerability versus Python
11 years ago
Martin Zimmermann
fc984bb656
add Date header, close #42
11 years ago
Martin Zimmermann
232e2fb474
another approach to fix #40 (return 403 on false Content-Type)
...
When an attacker uses a <form> to downvote a comment, the browser
*should* add a `Content-Type: ...` header with three possible values:
* application/x-www-form-urlencoded
* multipart/form-data
* text/plain
If the header is not sent or requests `application/json`, the
request is not forged (XHR is restricted by CORS separately).
11 years ago
Martin Zimmermann
1db06bbf39
Revert "HTTP Origin is only sent on cross-origin requests in Firefox"
...
Revert "use Referer instead of Origin when using IE"
Revert "fix unittests"
Revert "check if Origin matches Host to mitigate CSRF, part of #40"
This reverts commit 9376511485c70deaf908aa67bcdc8f0c9a0b003e.
This reverts commit 9a03cca793.
This reverts commit 4c16ba76cc.
This reverts commit 32e4b70510.
11 years ago
Martin Zimmermann
b839b2be31
HTTP Origin is only sent on cross-origin requests in Firefox
...
Therefore, only raise Forbidden if Origin (or Referer for MSIE) is sent
(which is a protected header and all modern browsers (except IE)).
Also add a basic unit test which asserts the failure for false origins.
11 years ago
Martin Zimmermann
8802b73b52
Merge pull request #41 from spk/blank
...
Add check with blank text
11 years ago
Laurent Arnoud
02db978308
Add check with blank text
11 years ago
Martin Zimmermann
7d64d84d9d
write contribute section
11 years ago
Martin Zimmermann
6f504ee8f5
show modal dialog before delete or activate comments, close #36
...
The URL sent in the email returns a short HTML document where
JS creates a modal dialog. If continued, the browser sends a
POST request to the same URL.
11 years ago
Martin Zimmermann
83b48d5db6
use el.getAttribute instead of el.dataset to support IE10 m(
11 years ago
Martin Zimmermann
59b70e7109
Merge branch 'fix/csrf', closes #40
11 years ago
Martin Zimmermann
9a03cca793
use Referer instead of Origin when using IE
...
* IE10 (and 11) do not send HTTP_ORIGIN when requesting a URL not in
the same origin, although recommended by WHATWG [1]
* if IE10 is used, use the referer. If this header is suppressed by the
user, it won't work (and I don't care).
IE10 needs to die, seriously:
> We have a long-standing interoperability difference with other browsers
> where we treat different ports as same-origin whereas other browsers
> treat them as cross-origin.
via https://connect.microsoft.com/IE/feedback/details/781303/origin-header-is-not-added-to-cors-requests-to-same-domain-but-different-port
[1] http://tools.ietf.org/html/draft-abarth-origin-09
11 years ago
Martin Zimmermann
4c16ba76cc
fix unittests
11 years ago
Martin Zimmermann
32e4b70510
check if Origin matches Host to mitigate CSRF, part of #40
11 years ago
Martin Zimmermann
b0ecc9c16a
add reason for SQLite
11 years ago
Martin Zimmermann
6e31111554
add application object into ns only when using uwsgi and gunicorn
11 years ago
Martin Zimmermann
baabd30e74
more descriptive logging
11 years ago
Martin Zimmermann
a6f54f0191
wat
11 years ago
Martin Zimmermann
c2291c1121
fix links to PyPi and GitHub
11 years ago
Martin Zimmermann
90468cbc27
simplify nosetest usage
11 years ago
Martin Zimmermann
ce950259b4
show traceback when smtp connection failed
11 years ago
Martin Zimmermann
350cf406c2
remove installation and configuration from README
11 years ago
Martin Zimmermann
a045c963bd
Merge branch 'feature/gunicorn'
11 years ago
Martin Zimmermann
706186acd8
Merge branch 'feature/docs'
11 years ago
Martin Zimmermann
b79ac583e8
use sphinx for documentation
11 years ago
Martin Zimmermann
896b4f5e33
support for gunicorn (and other pre-forking wsgi servers)
11 years ago
Martin Zimmermann
aa65873fa6
uWSGI works also with multiprocessing.Lock
11 years ago
Martin Zimmermann
6405f258f3
replace nested middleware calls with reduce and partials
11 years ago
Martin Zimmermann
c9c0df229a
Merge branch 'feature/info'
11 years ago
Martin Zimmermann
1541cc90a9
Merge branch 'fix/notify-links'
11 years ago
Martin Zimmermann
8dac5375b6
add /info view for debugging purposes
11 years ago
Martin Zimmermann
5449b0cea4
add route for comment activation
11 years ago
Martin Zimmermann
63a7df1099
translate deletion and activation links
11 years ago
Martin Zimmermann
e77ae273f4
replace Jenkins with Travis Build Status
11 years ago
Martin Zimmermann
c84d75582f
add Travis CI configuration
11 years ago
Martin Zimmermann
b3d6215d2b
fix unittest for werkzeug==0.8
11 years ago
Martin Zimmermann
c2a0331dbd
remove indexserver from tox.ini (use PyPi instead)
11 years ago
Martin Zimmermann
598b08bd1c
add russian translation
...
http://docs.translatehouse.org/projects/localization-guide/en/latest/l10n/pluralforms.html
11 years ago
Martin Zimmermann
653ac0b6a2
Back to development: 0.6
11 years ago
Martin Zimmermann
f9507a3eec
Preparing release 0.5
11 years ago
Martin Zimmermann
8196f3f465
remove unnecessary imports
11 years ago
Martin Zimmermann
17aa3e6fc5
use english text for mail notifications
11 years ago
Martin Zimmermann
97cc894d8c
update changelog
11 years ago