On 10/30/18 7:13 PM, Tom Hughes wrote:
>
> No, it protects against unintended exfiltration of data from
> the server - without it a random web page could have JavaScript
> that did a background XHR to a web site that required authentication
> and just wait until somebody happens to visit that p
On 30/10/2018 18:13, Tom Hughes wrote:
On 30/10/2018 17:36, Mattia Verga wrote:
What type of security issue may arise with a wildcarded
`Access-Control-Allow-Headers: *` header? As I understand CORS, it's not
a server protection, rather a client protection. In fact, installing a
browser extensi
On 30/10/2018 17:36, Mattia Verga wrote:
The problem is that the ajax request to Bugzilla fails, because BZ
doesn't provide CORS headers. I've asked BZ guys [2] to add those
headers, but I'm a bit confused about how CORS works and I would need
some help from someone who may have a deeper knowled
On 10/30/18 6:36 PM, Mattia Verga wrote:
>
> [1] https://github.com/mattiaverga/bodhi/tree/manual_bugs
> [2] https://bugzilla.redhat.com/show_bug.cgi?id=1641232
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=1641232#c6
>
A more precise link to the ajax call to Bugzilla:
https://github.com/
Hi,
I'm working on a Pull Request for the Bodhi web interface to allow
retrieving bugs information when we try to attach them to an update.
This way we can do some checks on the bug we're trying to attach (is it
private? is it a Fedora or Fedora EPEL bug?...) and provide some useful
information in