LGTM
On 27 January 2016 11:58:46 GMT+00:00, Petter Reinholdtsen <[email protected]> wrote: > >One of the patches from chrysn is very simple, and I had a closer look >to see if it could be correct too. RFC 4791 section 5.1 indicate that >the OPTION request should work without access control (and always >report >calendar-access for CalDAV, which calypso already does). > >This make me suggest the patch is merged. > >From 955568e6b08efd369fc23577c50e72961ff1e8fe Mon Sep 17 00:00:00 2001 >From: chrysn <[email protected]> >Date: Tue, 15 Apr 2014 23:17:37 +0200 >Subject: disable permission checks for OPTIONS > >a CORS request (eg as issued in chromium) needs a pre-flight OPTIONS >request on the resource, which can't use credentials yet it's the point >of CORS not to send requests from the browser anywhere without that >particular anywhere's consent. > >the code behind OPTIONS does not reveal any data (not even presence of >a >collection). >--- > calypso/__init__.py | 3 +-- > 1 file changed, 1 insertion(+), 2 deletions(-) > >diff --git a/calypso/__init__.py b/calypso/__init__.py >index 8f1625f..5306a83 100644 >--- a/calypso/__init__.py >+++ b/calypso/__init__.py >@@ -405,8 +405,7 @@ class >CollectionHTTPHandler(server.BaseHTTPRequestHandler): > self.send_calypso_response(client.CREATED, 0) > self.end_headers() > >- @check_rights >- def do_OPTIONS(self, context): >+ def do_OPTIONS(self): > """Manage OPTIONS request.""" > self.send_calypso_response(client.OK, 0) > self.send_header( >-- >2.7.0.rc3 > >-- >Happy hacking >Petter Reinholdtsen >_______________________________________________ >Calypso mailing list >[email protected] >http://keithp.com/mailman/listinfo/calypso
_______________________________________________ Calypso mailing list [email protected] http://keithp.com/mailman/listinfo/calypso
