CVS commit: pkgsrc/www/py-django-cors-headers

To: pkgsrc-changes%NetBSD.org@localhost
Subject: CVS commit: pkgsrc/www/py-django-cors-headers
From: "Adam Ciarcinski" <adam%netbsd.org@localhost>
Date: Mon, 13 May 2019 15:54:51 +0000

Module Name:    pkgsrc
Committed By:   adam
Date:           Mon May 13 15:54:51 UTC 2019

Modified Files:
        pkgsrc/www/py-django-cors-headers: Makefile PLIST distinfo

Log Message:
py-django-cors-headers: updated to 3.0.1

3.0.1:

Allow 'null' in CORS_ORIGIN_WHITELIST check.

3.0.0:

CORS_ORIGIN_WHITELIST now requires URI schemes, and optionally ports. This is part of the CORS specification (Section 3.2) that was not implemented in this library, except from with the 
CORS_ORIGIN_REGEX_WHITELIST setting. It fixes a security issue where the CORS middleware would allow requests between schemes, for example from insecure http:// Origins to a secure https:// site.

You will need to update your whitelist to include schemes, for example from this:

CORS_ORIGIN_WHITELIST = ['example.com']
...to this:

CORS_ORIGIN_WHITELIST = ['https://example.com']
Removed the CORS_MODEL setting, and associated class. It seems very few, or no users were using it, since there were no bug reports since its move to abstract in version 2.0.0 (2017-01-07). If you 
are using this functionality, you can continue by changing your model to not inherit from the abstract one, and add a signal handler for check_request_enabled that reads from your model. Note you'll 
need to handle the move to include schemes for Origins.


To generate a diff of this commit:
cvs rdiff -u -r1.8 -r1.9 pkgsrc/www/py-django-cors-headers/Makefile \
    pkgsrc/www/py-django-cors-headers/distinfo
cvs rdiff -u -r1.2 -r1.3 pkgsrc/www/py-django-cors-headers/PLIST

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

Modified files:

Index: pkgsrc/www/py-django-cors-headers/Makefile
diff -u pkgsrc/www/py-django-cors-headers/Makefile:1.8 pkgsrc/www/py-django-cors-headers/Makefile:1.9
--- pkgsrc/www/py-django-cors-headers/Makefile:1.8      Mon Apr 29 07:48:33 2019
+++ pkgsrc/www/py-django-cors-headers/Makefile  Mon May 13 15:54:51 2019
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.8 2019/04/29 07:48:33 adam Exp $
+# $NetBSD: Makefile,v 1.9 2019/05/13 15:54:51 adam Exp $
 
-DISTNAME=      django-cors-headers-2.5.3
+DISTNAME=      django-cors-headers-3.0.1
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    www python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=d/django-cors-headers/}
Index: pkgsrc/www/py-django-cors-headers/distinfo
diff -u pkgsrc/www/py-django-cors-headers/distinfo:1.8 pkgsrc/www/py-django-cors-headers/distinfo:1.9
--- pkgsrc/www/py-django-cors-headers/distinfo:1.8      Mon Apr 29 07:48:33 2019
+++ pkgsrc/www/py-django-cors-headers/distinfo  Mon May 13 15:54:51 2019
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.8 2019/04/29 07:48:33 adam Exp $
+$NetBSD: distinfo,v 1.9 2019/05/13 15:54:51 adam Exp $
 
-SHA1 (django-cors-headers-2.5.3.tar.gz) = 2ef4a2f4f73d5cf3f24b18d7f33703ac29ae937c
-RMD160 (django-cors-headers-2.5.3.tar.gz) = 8a0dd1d90bff79bd36f8afe1c062cd2c003b9934
-SHA512 (django-cors-headers-2.5.3.tar.gz) = 2d892970531cefa110a411424553b221ee8c7edfb97b2ae1ddbb36020692f028f318c03d95dd4fe2c77aeb0cc1279ed5b456e836907683585868b0fb859b0232
-Size (django-cors-headers-2.5.3.tar.gz) = 23295 bytes
+SHA1 (django-cors-headers-3.0.1.tar.gz) = 677735bc0c3a460dfa8eb436d329959c56edb516
+RMD160 (django-cors-headers-3.0.1.tar.gz) = 7420a2538368f785da6808b62fd1cdd7a5f16c62
+SHA512 (django-cors-headers-3.0.1.tar.gz) = 38671b51f228d9edc00530d0cd85ca5adff22ebe8f10f526a4106734be17a4b0a51588b1beec880fa1cf3530d34eeacd42698cefb4e4743ad70ebdc6b5d162b1
+Size (django-cors-headers-3.0.1.tar.gz) = 24360 bytes

Index: pkgsrc/www/py-django-cors-headers/PLIST
diff -u pkgsrc/www/py-django-cors-headers/PLIST:1.2 pkgsrc/www/py-django-cors-headers/PLIST:1.3
--- pkgsrc/www/py-django-cors-headers/PLIST:1.2 Sun Mar 10 15:27:07 2019
+++ pkgsrc/www/py-django-cors-headers/PLIST     Mon May 13 15:54:51 2019
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2019/03/10 15:27:07 adam Exp $
+@comment $NetBSD: PLIST,v 1.3 2019/05/13 15:54:51 adam Exp $
 ${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
 ${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
 ${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt
@@ -19,9 +19,6 @@ ${PYSITELIB}/corsheaders/defaults.pyo
 ${PYSITELIB}/corsheaders/middleware.py
 ${PYSITELIB}/corsheaders/middleware.pyc
 ${PYSITELIB}/corsheaders/middleware.pyo
-${PYSITELIB}/corsheaders/models.py
-${PYSITELIB}/corsheaders/models.pyc
-${PYSITELIB}/corsheaders/models.pyo
 ${PYSITELIB}/corsheaders/signals.py
 ${PYSITELIB}/corsheaders/signals.pyc
 ${PYSITELIB}/corsheaders/signals.pyo

Prev by Date: CVS commit: pkgsrc/www/py-djangorestframework
Next by Date: CVS commit: pkgsrc/www/py-django-mptt
Previous by Thread: CVS commit: pkgsrc/www/py-djangorestframework
Next by Thread: CVS commit: pkgsrc/www/py-django-mptt
Indexes:

Home | Main Index | Thread Index | Old Index