pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/www/py-django-cors-headers py-django-cors-headers: upd...
details: https://anonhg.NetBSD.org/pkgsrc/rev/8bdced93dbb4
branches: trunk
changeset: 395779:8bdced93dbb4
user: adam <adam%pkgsrc.org@localhost>
date: Mon May 13 15:54:51 2019 +0000
description:
py-django-cors-headers: updated to 3.0.1
3.0.1:
Allow 'null' in CORS_ORIGIN_WHITELIST check.
3.0.0:
CORS_ORIGIN_WHITELIST now requires URI schemes, and optionally ports. This is part of the CORS specification (Section 3.2) that was not implemented in this library, except from with the
CORS_ORIGIN_REGEX_WHITELIST setting. It fixes a security issue where the CORS middleware would allow requests between schemes, for example from insecure http:// Origins to a secure https:// site.
You will need to update your whitelist to include schemes, for example from this:
CORS_ORIGIN_WHITELIST = ['example.com']
...to this:
CORS_ORIGIN_WHITELIST = ['https://example.com']
Removed the CORS_MODEL setting, and associated class. It seems very few, or no users were using it, since there were no bug reports since its move to abstract in version 2.0.0 (2017-01-07). If you
are using this functionality, you can continue by changing your model to not inherit from the abstract one, and add a signal handler for check_request_enabled that reads from your model. Note you'll
need to handle the move to include schemes for Origins.
diffstat:
www/py-django-cors-headers/Makefile | 4 ++--
www/py-django-cors-headers/PLIST | 5 +----
www/py-django-cors-headers/distinfo | 10 +++++-----
3 files changed, 8 insertions(+), 11 deletions(-)
diffs (46 lines):
diff -r bdbf9639d926 -r 8bdced93dbb4 www/py-django-cors-headers/Makefile
--- a/www/py-django-cors-headers/Makefile Mon May 13 15:52:13 2019 +0000
+++ b/www/py-django-cors-headers/Makefile Mon May 13 15:54:51 2019 +0000
@@ -1,6 +1,6 @@
-# $NetBSD: Makefile,v 1.8 2019/04/29 07:48:33 adam Exp $
+# $NetBSD: Makefile,v 1.9 2019/05/13 15:54:51 adam Exp $
-DISTNAME= django-cors-headers-2.5.3
+DISTNAME= django-cors-headers-3.0.1
PKGNAME= ${PYPKGPREFIX}-${DISTNAME}
CATEGORIES= www python
MASTER_SITES= ${MASTER_SITE_PYPI:=d/django-cors-headers/}
diff -r bdbf9639d926 -r 8bdced93dbb4 www/py-django-cors-headers/PLIST
--- a/www/py-django-cors-headers/PLIST Mon May 13 15:52:13 2019 +0000
+++ b/www/py-django-cors-headers/PLIST Mon May 13 15:54:51 2019 +0000
@@ -1,4 +1,4 @@
-@comment $NetBSD: PLIST,v 1.2 2019/03/10 15:27:07 adam Exp $
+@comment $NetBSD: PLIST,v 1.3 2019/05/13 15:54:51 adam Exp $
${PYSITELIB}/${EGG_INFODIR}/PKG-INFO
${PYSITELIB}/${EGG_INFODIR}/SOURCES.txt
${PYSITELIB}/${EGG_INFODIR}/dependency_links.txt
@@ -19,9 +19,6 @@
${PYSITELIB}/corsheaders/middleware.py
${PYSITELIB}/corsheaders/middleware.pyc
${PYSITELIB}/corsheaders/middleware.pyo
-${PYSITELIB}/corsheaders/models.py
-${PYSITELIB}/corsheaders/models.pyc
-${PYSITELIB}/corsheaders/models.pyo
${PYSITELIB}/corsheaders/signals.py
${PYSITELIB}/corsheaders/signals.pyc
${PYSITELIB}/corsheaders/signals.pyo
diff -r bdbf9639d926 -r 8bdced93dbb4 www/py-django-cors-headers/distinfo
--- a/www/py-django-cors-headers/distinfo Mon May 13 15:52:13 2019 +0000
+++ b/www/py-django-cors-headers/distinfo Mon May 13 15:54:51 2019 +0000
@@ -1,6 +1,6 @@
-$NetBSD: distinfo,v 1.8 2019/04/29 07:48:33 adam Exp $
+$NetBSD: distinfo,v 1.9 2019/05/13 15:54:51 adam Exp $
-SHA1 (django-cors-headers-2.5.3.tar.gz) = 2ef4a2f4f73d5cf3f24b18d7f33703ac29ae937c
-RMD160 (django-cors-headers-2.5.3.tar.gz) = 8a0dd1d90bff79bd36f8afe1c062cd2c003b9934
-SHA512 (django-cors-headers-2.5.3.tar.gz) = 2d892970531cefa110a411424553b221ee8c7edfb97b2ae1ddbb36020692f028f318c03d95dd4fe2c77aeb0cc1279ed5b456e836907683585868b0fb859b0232
-Size (django-cors-headers-2.5.3.tar.gz) = 23295 bytes
+SHA1 (django-cors-headers-3.0.1.tar.gz) = 677735bc0c3a460dfa8eb436d329959c56edb516
+RMD160 (django-cors-headers-3.0.1.tar.gz) = 7420a2538368f785da6808b62fd1cdd7a5f16c62
+SHA512 (django-cors-headers-3.0.1.tar.gz) = 38671b51f228d9edc00530d0cd85ca5adff22ebe8f10f526a4106734be17a4b0a51588b1beec880fa1cf3530d34eeacd42698cefb4e4743ad70ebdc6b5d162b1
+Size (django-cors-headers-3.0.1.tar.gz) = 24360 bytes
Home |
Main Index |
Thread Index |
Old Index