pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/www/py-django-cors-headers py-django-cors-headers: upd...

details:   https://anonhg.NetBSD.org/pkgsrc/rev/f56fae264d4f
branches:  trunk
changeset: 323602:f56fae264d4f
user:      adam <adam%pkgsrc.org@localhost>
date:      Mon May 13 15:54:51 2019 +0000

description:
py-django-cors-headers: updated to 3.0.1

3.0.1:

Allow 'null' in CORS_ORIGIN_WHITELIST check.


3.0.0:

CORS_ORIGIN_WHITELIST now requires URI schemes, and optionally ports. This is part of the CORS specification (Section 3.2) that was not implemented in this library, except from with the 
CORS_ORIGIN_REGEX_WHITELIST setting. It fixes a security issue where the CORS middleware would allow requests between schemes, for example from insecure http:// Origins to a secure https:// site.

You will need to update your whitelist to include schemes, for example from this:

CORS_ORIGIN_WHITELIST = ['example.com']
...to this:

CORS_ORIGIN_WHITELIST = ['https://example.com']
Removed the CORS_MODEL setting, and associated class. It seems very few, or no users were using it, since there were no bug reports since its move to abstract in version 2.0.0 (2017-01-07). If you 
are using this functionality, you can continue by changing your model to not inherit from the abstract one, and add a signal handler for check_request_enabled that reads from your model. Note you'll 
need to handle the move to include schemes for Origins.

diffstat:

 www/py-django-cors-headers/Makefile |   4 ++--
 www/py-django-cors-headers/PLIST    |   5 +----
 www/py-django-cors-headers/distinfo |  10 +++++-----
 3 files changed, 8 insertions(+), 11 deletions(-)

diffs (46 lines):

diff -r 068cae976c08 -r f56fae264d4f www/py-django-cors-headers/Makefile
--- a/www/py-django-cors-headers/Makefile       Mon May 13 15:52:13 2019 +0000
+++ b/www/py-django-cors-headers/Makefile       Mon May 13 15:54:51 2019 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.8 2019/04/29 07:48:33 adam Exp $
+# $NetBSD: Makefile,v 1.9 2019/05/13 15:54:51 adam Exp $
 
-DISTNAME=      django-cors-headers-2.5.3
+DISTNAME=      django-cors-headers-3.0.1
 PKGNAME=       ${PYPKGPREFIX}-${DISTNAME}
 CATEGORIES=    www python
 MASTER_SITES=  ${MASTER_SITE_PYPI:=d/django-cors-headers/}
diff -r 068cae976c08 -r f56fae264d4f www/py-django-cors-headers/PLIST
--- a/www/py-django-cors-headers/PLIST  Mon May 13 15:52:13 2019 +0000
+++ b/www/py-django-cors-headers/PLIST  Mon May 13 15:54:51 2019 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2019/03/10 15:27:07 adam Exp $
+@comment $NetBSD: PLIST,v 1.3 2019/05/13 15:54:51 adam Exp $
 ${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
 ${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
 ${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt
@@ -19,9 +19,6 @@
 ${PYSITELIB}/corsheaders/middleware.py
 ${PYSITELIB}/corsheaders/middleware.pyc
 ${PYSITELIB}/corsheaders/middleware.pyo
-${PYSITELIB}/corsheaders/models.py
-${PYSITELIB}/corsheaders/models.pyc
-${PYSITELIB}/corsheaders/models.pyo
 ${PYSITELIB}/corsheaders/signals.py
 ${PYSITELIB}/corsheaders/signals.pyc
 ${PYSITELIB}/corsheaders/signals.pyo
diff -r 068cae976c08 -r f56fae264d4f www/py-django-cors-headers/distinfo
--- a/www/py-django-cors-headers/distinfo       Mon May 13 15:52:13 2019 +0000
+++ b/www/py-django-cors-headers/distinfo       Mon May 13 15:54:51 2019 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.8 2019/04/29 07:48:33 adam Exp $
+$NetBSD: distinfo,v 1.9 2019/05/13 15:54:51 adam Exp $
 
-SHA1 (django-cors-headers-2.5.3.tar.gz) = 2ef4a2f4f73d5cf3f24b18d7f33703ac29ae937c
-RMD160 (django-cors-headers-2.5.3.tar.gz) = 8a0dd1d90bff79bd36f8afe1c062cd2c003b9934
-SHA512 (django-cors-headers-2.5.3.tar.gz) = 2d892970531cefa110a411424553b221ee8c7edfb97b2ae1ddbb36020692f028f318c03d95dd4fe2c77aeb0cc1279ed5b456e836907683585868b0fb859b0232
-Size (django-cors-headers-2.5.3.tar.gz) = 23295 bytes
+SHA1 (django-cors-headers-3.0.1.tar.gz) = 677735bc0c3a460dfa8eb436d329959c56edb516
+RMD160 (django-cors-headers-3.0.1.tar.gz) = 7420a2538368f785da6808b62fd1cdd7a5f16c62
+SHA512 (django-cors-headers-3.0.1.tar.gz) = 38671b51f228d9edc00530d0cd85ca5adff22ebe8f10f526a4106734be17a4b0a51588b1beec880fa1cf3530d34eeacd42698cefb4e4743ad70ebdc6b5d162b1
+Size (django-cors-headers-3.0.1.tar.gz) = 24360 bytes
Home | Main Index | Thread Index | Old Index