c2c-oerpscenario team mailing list archive
Message #15708
[Bug 716343] Re: remove referer check
Referer can't be forged in the context of a CSRF.
You can disable the CSRF check in the config file (doc/openerp-web.cfg
by default):
# Set to false to disable CSRF checks
tools.csrf.on = True
-> tools.csrf.on = False
** Changed in: openobject-client-web
Status: New => Won't Fix
--
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/716343
Title:
remove referer check
Status in OpenERP Web Client:
Won't Fix
Bug description:
Please remove the referer check introduced in rev 4091.
Referer can be forged so it's not a security risk to remove this check.
It's wrong to force users to use a referer.
Regards,