changeset 573:a3e9c97c448b
Oops, we didn't authenticate the parameter update
author | Matt Johnston <matt@ucc.asn.au> |
---|---|
date | Tue, 17 Nov 2015 22:24:09 +0800 |
parents | 55cae4f27e75 |
children | 329e65ea1edc |
files | web/templog.py |
diffstat | 1 files changed, 12 insertions(+), 1 deletions(-) [+] |
--- a/web/templog.py Wed Jun 10 00:13:26 2015 +0800
+++ b/web/templog.py Tue Nov 17 22:24:09 2015 +0800
@@ -69,6 +69,12 @@
 @route('/set/update', method='post')
 def set_update():
+ if not secure.check_user_hash(config.ALLOWED_USERS):
+ # the "Save" button should be disabled if the cert wasn't
+ # good
+ response.status = 403
+ return "No cert, dodginess"
+
 post_json = json.loads(request.forms.data)
 csrf_blob = post_json['csrf_blob']
@@ -79,7 +85,7 @@
 ret = log.update_params(post_json['params'])
 if not ret is True:
- response.status = 403
+ response.status = 409 # Conflict
 return ret
 return "Good"
@@ -157,6 +163,11 @@
 #var_lookup = environ['mod_ssl.var_lookup']
 #return var_lookup("SSL_SERVER_I_DN_O")
+@route('/h')
+def headers():
+ response.set_header('Content-Type', 'text/plain')
+ return '\n'.join("%s: %s" % x for x in request.headers.items())
+
 @route('/get_settings')
 def get_settings():
 response.set_header('Cache-Control', 'no-cache')
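Review bot: The authorization check added at the top of `set_update` is written inline, so every other state-changing handler has to remember to repeat it, and this hunk covers only `/set/update`. Moving the check into a decorator applied to each mutating route would make a newly added handler fail closed; any other POST routes in web/templog.py, which are outside this hunk, should be checked for the same gap. The existing comment would be clearer if it said that the server-side check is the actual control, for example `# enforced here; the disabled "Save" button is only a UI hint`. Logging the rejected request before returning 403 would make denied attempts visible. The body of `set_update` continues past the end of the hunk.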
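Review bot: The new `/h` handler returns every request header to any caller, without the `secure.check_user_hash` check this same commit adds to `set_update`. The response body therefore reflects Cookie and Authorization values and discloses any headers a front-end proxy adds. Judging by the commented-out mod_ssl lookup just above, which is only an inference, those could include client-certificate details. If this is a debugging aid, gate it by starting `headers()` with `if not secure.check_user_hash(config.ALLOWED_USERS):`, `response.status = 403` and `return "No cert, dodginess"`, or remove the route before deployment.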