On Friday, January 27, 2012 10:43:53 AM UTC-5, Gian Luca Decurtins wrote:
>
> Thank you!
>
> I had to edit models/db.py:
> # response.generic_patterns = ['*'] if request.is_local else []
> response.generic_patterns = ['*']
>
Note, there's a reason that generic views are enabled only on localhost by
default -- they can create a security risk by allowing unintended data to
leak. For example, generic.json will display everything returned to the
view by the controller, including db fields selected but not intended for
display and variables only intended to control view display logic. You
should be more precise when enabling generic views in production. For
example:
    response.generic_patterns = ['data.html']
or
    def data():
        response.generic_patterns = ['html']
will only enable generic.html (not the other generic views), and only when
the "data" action is called.
Anthony
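
The point made in the reply above, as an added example that is not part of the original thread and is not web2py code: it runs without web2py and compares which generic views each generic_patterns setting enables for the "data" action, and what a serialize-everything view such as generic.json would emit. Assumptions: patterns are treated as shell-style globs searched against "controller/function.extension", and the controller name "default", the sample row and the helper names are constructed for illustration.

```python
import fnmatch
import json
import re


def generic_allowed(patterns, controller, function, extension):
    """Simplified model (assumption) of the generic_patterns check."""
    if not patterns:
        return False
    regex = re.compile('|'.join(fnmatch.translate(p) for p in patterns))
    return bool(regex.search('%s/%s.%s' % (controller, function, extension)))


def exposed(patterns, extensions=('html', 'json', 'xml')):
    """Extensions for which default/data would fall back to a generic view."""
    return [e for e in extensions
            if generic_allowed(patterns, 'default', 'data', e)]


def data():
    """Constructed stand-in for a controller action's return value."""
    rows = [{'id': 1, 'name': 'alice', 'email': 'alice@example.com',
             'password': 'pbkdf2$constructed-hash'}]
    # show_admin_links only steers the HTML template; it is not meant as output.
    return dict(rows=rows, show_admin_links=False)


def generic_json(result):
    """What a serialize-everything view emits: the whole returned dict."""
    return json.dumps(result, sort_keys=True)


def explicit_json(result, fields=('id', 'name')):
    """Safer alternative: emit only an explicit allowlist of row fields."""
    return json.dumps([{f: row[f] for f in fields} for row in result['rows']],
                      sort_keys=True)


if __name__ == '__main__':
    for patterns in (['*'], ['data.html'], ['html'], []):
        print(patterns, '->', exposed(patterns))
    print('generic :', generic_json(data()))
    print('explicit:', explicit_json(data()))
```
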