Now that the REST API is used throughout patchew-cli, and we have
switched to token authentication, avoid the possibility of forging
cross-site requests.
---
patchew/__init__.py | 7 -------
patchew/settings.py | 2 +-
2 files changed, 1 insertion(+), 8 deletions(-)
diff --git a/patchew/__init__.py b/patchew/__init__.py
index a592854..e69de29 100644
--- a/patchew/__init__.py
+++ b/patchew/__init__.py
@@ -1,7 +0,0 @@
-from rest_framework.authentication import SessionAuthentication
-
-
-class CsrfExemptSessionAuthentication(SessionAuthentication):
- def enforce_csrf(self, request):
- # Skip CSRF until patchew-cli can switch to token-based authentication
- return
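Review bot: deleting CsrfExemptSessionAuthentication leaves patchew/__init__.py empty, so any module that still imports the class, or any view that names "patchew.CsrfExemptSessionAuthentication" in its own authentication_classes, will fail to load; this patch only updates the one reference in settings.py. Please confirm with a grep that no other reference remains. The removed comment ties the exemption to patchew-cli moving to token-based authentication, so the commit message would be easier to verify if it named the commit in which that switch landed.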
diff --git a/patchew/settings.py b/patchew/settings.py
index 189b9f7..8b19d19 100644
--- a/patchew/settings.py
+++ b/patchew/settings.py
@@ -68,7 +68,7 @@ MIDDLEWARE = [
REST_FRAMEWORK = {
"DEFAULT_AUTHENTICATION_CLASSES": (
"rest_framework.authentication.TokenAuthentication",
- "patchew.CsrfExemptSessionAuthentication",
+ "rest_framework.authentication.SessionAuthentication",
),
"DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.LimitOffsetPagination",
"URL_FIELD_NAME": "resource_uri",
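Review bot: with the stock SessionAuthentication in DEFAULT_AUTHENTICATION_CLASSES, unsafe requests (POST, PUT, PATCH, DELETE) authenticated by session cookie are rejected unless they carry a valid CSRF token, so any client that still relies on cookies, for example an older patchew-cli, will start receiving 403 responses. Requests authenticated through TokenAuthentication are unaffected, since that class performs no CSRF check. Consider adding a test that a session-authenticated POST without a CSRF token is refused and that the same request sent with an Authorization: Token header succeeds, so the protection this change restores cannot regress silently.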
--
2.34.1
_______________________________________________
Patchew-devel mailing list
Patchew-devel@redhat.com
https://listman.redhat.com/mailman/listinfo/patchew-devel
On 2/25/22 18:43, Paolo Bonzini wrote:
> Now that the REST API is used throughout patchew-cli, and we have
> switched to token authentication, avoid the possibility of forging
> cross-site requests.
> ---
> patchew/__init__.py | 7 -------
> patchew/settings.py | 2 +-
> 2 files changed, 1 insertion(+), 8 deletions(-)

This patch shouldn't have been sent. :) I have pushed the remaining parts of the 2018 summer of code project to a "rest-cli" branch and will try re-deploying some of the containers from it, when I have some time. If it works, it can finally be merged, only 3.5 years later. :)

Paolo

> diff --git a/patchew/__init__.py b/patchew/__init__.py > index a592854..e69de29 100644 > --- a/patchew/__init__.py > +++ b/patchew/__init__.py > @@ -1,7 +0,0 @@ > -from rest_framework.authentication import SessionAuthentication > - > - > -class CsrfExemptSessionAuthentication(SessionAuthentication): > - def enforce_csrf(self, request): > - # Skip CSRF until patchew-cli can switch to token-based authentication > - return > diff --git a/patchew/settings.py b/patchew/settings.py > index 189b9f7..8b19d19 100644 > --- a/patchew/settings.py > +++ b/patchew/settings.py > @@ -68,7 +68,7 @@ MIDDLEWARE = [ > REST_FRAMEWORK = { > "DEFAULT_AUTHENTICATION_CLASSES": ( > "rest_framework.authentication.TokenAuthentication", > - "patchew.CsrfExemptSessionAuthentication", > + "rest_framework.authentication.SessionAuthentication", > ), > "DEFAULT_PAGINATION_CLASS": "rest_framework.pagination.LimitOffsetPagination", > "URL_FIELD_NAME": "resource_uri",