** Description changed: + The impact of this bug is adheres to an inconsistent interface in + Launchpad. The proposed fix adds the REFERER information to the HTTP + header which is consistent with all the other Launchpad interfaces. A + workaround is currently provided in Launchpad but it would be nice to + have this bug fixed in an LTS release so that Launchpad can eventually + remove this workaround safely. + Since ca. 2010-3-24, Launchpad requires a referer header for all POST requests, see bug 529348 . We will exempt the /+hwdb/+submit URL for now from this requirement, but in order to prevent future CRSF problems, checkbox should send a referer header. From #launchpad-dev, 2010-03-29: (17:39:38) gary_poster: adeuring: so...actually, I also suggest that they change their script now to include a REFERER. That way eventually legacy clients will "just work," and sooner than if they wait to be able to do whatever it is they need to do through the webservice API (17:40:53) adeuring: gary_poster: yes, checkbox should do that. But it is installed by default on every Ubuntu system, and getting rid of old version will ned quite some time... (17:41:38) gary_poster: adeuring: ack, so let's get started ;-) getting the change into lucid would be a *big* win in that regard
-- checkbox should send a referer header when it POSTs data to Launchpad. https://bugs.launchpad.net/bugs/550973 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
