c2c-oerpscenario team mailing list archive

Thread
Date

Re: [Bug 690514] [NEW] [trunk] CSRF check in 4091 breaks mod_proxy

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: xrg <xrg@xxxxxxxxx>
Date: Wed, 15 Dec 2010 08:37:50 -0000
Reply-to: Bug 690514 <690514@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

On Wednesday 15 December 2010, you wrote:
> Public bug reported:
> 
> The CSRF check won't work in most cases with mod_proxy - the host/ref is
> going to be different (e.g. 127.0.0.1) Likely better way to do it is using
> a token/hidden field... I'd provide a patch but I haven't worked much with
> the web client yet.
> 
May I suggest that the check becomes configurable? The admin that will place 
the web-client behind a mod_proxy should be told to change that flag too and 
losen the check.

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/690514

Title:
  [trunk] CSRF check in 4091 breaks mod_proxy

Status in OpenObject Web Client:
  New

Bug description:
  The CSRF check won't work in most cases with mod_proxy - the host/ref is going to be different (e.g. 127.0.0.1) 
Likely better way to do it is using a token/hidden field... I'd provide a patch but I haven't worked much with the web client yet.

References

[Bug 690514] [NEW] [trunk] CSRF check in 4091 breaks mod_proxy
From: John B, 2010-12-15