c2c-oerpscenario team mailing list archive

[Bug 716343] Re: remove referer check

 

Referer can't be forged in the context of a CSRF.

You can disable the CSRF check in the config file (doc/openerp-web.cfg
by default)

# Set to false to disable CSRF checks
tools.csrf.on = True

-> tools.csrf.on = False

** Changed in: openobject-client-web
       Status: New => Won't Fix

-- 
You received this bug notification because you are a member of C2C
OERPScenario, which is subscribed to the OpenERP Project Group.
https://bugs.launchpad.net/bugs/716343

Title:
  remove referer check

Status in OpenERP Web Client:
  Won't Fix

Bug description:
  Please remove check to referer introduced in rev 4091.

  Referer can be forged so it's not a security risk to remove this check.
  It's wrong to force the user to use referer.

  Regards,
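
A Referer-based CSRF check of the kind this thread argues about, as an added example: it is not the code from rev 4091 or any OpenERP code, and the function names, the `allow_missing` switch and the `erp.example.test` URLs are assumptions made for illustration. It shows the two cases the thread turns on: a state-changing request that carries no Referer at all, and one whose Referer belongs to another origin.

```python
from urllib.parse import urlsplit

SAFE_METHODS = {"GET", "HEAD", "OPTIONS"}
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin_of(url):
    """Return (scheme, host, port) for an absolute http(s) URL, else None."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return None
    if parts.scheme not in DEFAULT_PORTS or not parts.hostname:
        return None
    return parts.scheme, parts.hostname, port or DEFAULT_PORTS[parts.scheme]


def referer_check(method, headers, site_url, allow_missing=False):
    """Return (allowed, reason) for a Referer-based CSRF check.

    allow_missing is a hypothetical switch for clients that send no Referer.
    """
    if method.upper() in SAFE_METHODS:
        return True, "safe method"
    site = origin_of(site_url)
    if site is None:
        raise ValueError("site_url must be an absolute http(s) URL")
    referer = {k.lower(): v for k, v in headers.items()}.get("referer")
    if not referer:
        return allow_missing, "no Referer header"
    # Compare whole origins: a prefix or substring match on the URL would
    # also accept a longer hostname that merely starts with the site name.
    if origin_of(referer) == site:
        return True, "same origin"
    return False, "Referer from another origin"


# Constructed sample requests against a constructed site URL.
SITE = "http://erp.example.test:8080"
SAMPLES = [
    ("POST", {"Referer": "http://erp.example.test:8080/openerp/form/save"}),
    ("POST", {"Referer": "http://erp.example.test.other.example/page"}),
    ("POST", {}),
    ("GET", {}),
]

if __name__ == "__main__":
    for method, headers in SAMPLES:
        print(method, headers, "->", referer_check(method, headers, SITE))
```

With `allow_missing=False` a client that strips the Referer header is refused on every state-changing request, which is the behaviour the bug description objects to; the `tools.csrf.on` setting quoted above switches the check off as a whole rather than relaxing it.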




