[Calypso] [PATCH] disable permission checks for OPTIONS

Guido G√ľnther agx at sigxcpu.org
Wed Jan 27 09:28:54 PST 2016


On Wed, Jan 27, 2016 at 12:06:53PM +0000, Jelmer Vernooij wrote:
> LGTM

To me too. Feel free to push patches that look good.
Cheers,
 -- Guido

> 
> On 27 January 2016 11:58:46 GMT+00:00, Petter Reinholdtsen <pere at hungry.com> wrote:
> >
> >One of the patches from chrysn is very simple, and I had a closer look
> >to see if it could be correct too.  RFC 4791 section 5.1 indicate that
> >the OPTION request should work without access control (and always
> >report
> >calendar-access for CalDAV, which calypso already does).
> >
> >This make me suggest the patch is merged.
> >
> >From 955568e6b08efd369fc23577c50e72961ff1e8fe Mon Sep 17 00:00:00 2001
> >From: chrysn <chrysn at fsfe.org>
> >Date: Tue, 15 Apr 2014 23:17:37 +0200
> >Subject: disable permission checks for OPTIONS
> >
> >a CORS request (eg as issued in chromium) needs a pre-flight OPTIONS
> >request on the resource, which can't use credentials yet it's the point
> >of CORS not to send requests from the browser anywhere without that
> >particular anywhere's consent.
> >
> >the code behind OPTIONS does not reveal any data (not even presence of
> >a
> >collection).
> >---
> > calypso/__init__.py | 3 +--
> > 1 file changed, 1 insertion(+), 2 deletions(-)
> >
> >diff --git a/calypso/__init__.py b/calypso/__init__.py
> >index 8f1625f..5306a83 100644
> >--- a/calypso/__init__.py
> >+++ b/calypso/__init__.py
> >@@ -405,8 +405,7 @@ class
> >CollectionHTTPHandler(server.BaseHTTPRequestHandler):
> >         self.send_calypso_response(client.CREATED, 0)
> >         self.end_headers()
> > 
> >-    @check_rights
> >-    def do_OPTIONS(self, context):
> >+    def do_OPTIONS(self):
> >         """Manage OPTIONS request."""
> >         self.send_calypso_response(client.OK, 0)
> >         self.send_header(
> >-- 
> >2.7.0.rc3
> >
> >-- 
> >Happy hacking
> >Petter Reinholdtsen
> >_______________________________________________
> >Calypso mailing list
> >Calypso at keithp.com
> >http://keithp.com/mailman/listinfo/calypso

> _______________________________________________
> Calypso mailing list
> Calypso at keithp.com
> http://keithp.com/mailman/listinfo/calypso



More information about the Calypso mailing list