Alon Bar-Lev has posted comments on this change.

Change subject: restapi: Add CSRF protection filter
......................................................................

Patch Set 2:

(1 comment)

http://gerrit.ovirt.org/#/c/26578/2/packaging/services/ovirt-engine/ovirt-engine.conf.in
File packaging/services/ovirt-engine/ovirt-engine.conf.in:

Line 238: # trusted, and the caller will need to include the value of the session cookie
Line 239: # in a header named JSESSIONID, otherwise the request will be rejected with
Line 240: # error code 403.
Line 241: #
Line 242: RESTAPI_CSRF_TRUST_SCRIPT="${ENGINE_ETC}/restapi-csrf-trust.js"

This should not have a default value; it should be customizable by the user.

Please avoid single configuration elements; in the case of static configuration or scripts, use a *.d directory or path-like structure, to allow extension without overriding files.

--
To view, visit http://gerrit.ovirt.org/26578

Gerrit-MessageType: comment
Gerrit-Change-Id: I68f03eeefe5bcb1956036b4a80fef4400c467346
Gerrit-PatchSet: 2
Gerrit-Project: ovirt-engine
Gerrit-Branch: master
Gerrit-Owner: Juan Hernandez <juan.hernan...@redhat.com>
Gerrit-Reviewer: Alon Bar-Lev <alo...@redhat.com>
Gerrit-Reviewer: Michael Pasternak <mishka8...@yahoo.com>
Gerrit-Reviewer: Vojtech Szocs <vsz...@redhat.com>
Gerrit-Reviewer: automat...@ovirt.org
Gerrit-Reviewer: oVirt Jenkins CI Server
Gerrit-HasComments: Yes