[Calypso] [PATCH] disable permission checks for OPTIONS

Jelmer Vernooij jelmer at jelmer.uk
Wed Jan 27 04:06:53 PST 2016


LGTM

On 27 January 2016 11:58:46 GMT+00:00, Petter Reinholdtsen <pere at hungry.com> wrote:
>
>One of the patches from chrysn is very simple, and I had a closer look
>to see if it could be correct too.  RFC 4791 section 5.1 indicate that
>the OPTION request should work without access control (and always
>report
>calendar-access for CalDAV, which calypso already does).
>
>This make me suggest the patch is merged.
>
>From 955568e6b08efd369fc23577c50e72961ff1e8fe Mon Sep 17 00:00:00 2001
>From: chrysn <chrysn at fsfe.org>
>Date: Tue, 15 Apr 2014 23:17:37 +0200
>Subject: disable permission checks for OPTIONS
>
>a CORS request (eg as issued in chromium) needs a pre-flight OPTIONS
>request on the resource, which can't use credentials yet it's the point
>of CORS not to send requests from the browser anywhere without that
>particular anywhere's consent.
>
>the code behind OPTIONS does not reveal any data (not even presence of
>a
>collection).
>---
> calypso/__init__.py | 3 +--
> 1 file changed, 1 insertion(+), 2 deletions(-)
>
>diff --git a/calypso/__init__.py b/calypso/__init__.py
>index 8f1625f..5306a83 100644
>--- a/calypso/__init__.py
>+++ b/calypso/__init__.py
>@@ -405,8 +405,7 @@ class
>CollectionHTTPHandler(server.BaseHTTPRequestHandler):
>         self.send_calypso_response(client.CREATED, 0)
>         self.end_headers()
> 
>-    @check_rights
>-    def do_OPTIONS(self, context):
>+    def do_OPTIONS(self):
>         """Manage OPTIONS request."""
>         self.send_calypso_response(client.OK, 0)
>         self.send_header(
>-- 
>2.7.0.rc3
>
>-- 
>Happy hacking
>Petter Reinholdtsen
>_______________________________________________
>Calypso mailing list
>Calypso at keithp.com
>http://keithp.com/mailman/listinfo/calypso
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://keithp.com/pipermail/calypso/attachments/20160127/ae7cd377/attachment-0001.html>


More information about the Calypso mailing list