Develop to main - Githubissues

qld-gov-au / ckanext-csrf-filter

A CKAN extension to add protection against Cross-Site Request Forgery attacks

GNU Affero General Public License v3.0

0 stars 6 forks source link

Develop to main #24

Closed ThrawnCA closed 2 years ago

ThrawnCA commented 2 years ago

Permit multiple leading slashes in API URLs
Fix encoding of slashes in usernames

ThrawnCA commented 2 years ago

A test would be useful internal to this plugin, yes we have it tested elsewhere but a discreet test in this python ckan plugin would also be extremely beneficial

Tricky. There is already a test of usernames containing slashes, but the specific behaviour that we're dealing with here comes from a real WebOb Request object, which complicates testing quite a bit.

Edit: Okay, I found a way.