c2c-oerpscenario team mailing list archive

Thread
Date

[Bug 716343] Re: remove referer check

To: c2c-oerpscenario@xxxxxxxxxxxxxxxxxxx
From: "Fabien Meghazi \(OpenERP\)" <716343@xxxxxxxxxxxxxxxxxx>
Date: Thu, 10 Feb 2011 12:01:03 -0000
Reply-to: Bug 716343 <716343@xxxxxxxxxxxxxxxxxx>
Sender: bounces@xxxxxxxxxxxxx

Referer can't be forged in the context of a csrf.

You can disable the csrf check in the config file ( doc/openerp-web.cfg
by default )

# Set to false to disable CSRF checks
tools.csrf.on = True

-> tools.csrf.on = False

** Changed in: openobject-client-web
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/716343

Title:
  remove referer check

Status in OpenERP Web Client:
  Won't Fix

Bug description:
  Please remove check to referer introduced in rev 4091.

  Referer can be forged so it's not a security risk to remove this check.
  It's  wrong to force user to use referer.

  Regards,

References

[Bug 716343] [NEW] remove referer check
From: jftempo, 2011-02-10