Skip to content
This repository
Browse code

Merge pull request #26 from mehmetali/patch-2

"Shut down Cherokee-Admin" doesn't work because of csrf protection. Thanks Mehmetali for the fix.
  • Loading branch information...
commit b54e9786e9832212d389bdcc806b726a4ee4152b 2 parents 0991288 + ee20f94
Stefan de Konink authored August 06, 2012

Showing 1 changed file with 1 addition and 1 deletion. Show diff stats Hide diff stats

  1. 2  admin/PageIndex.py
2  admin/PageIndex.py
@@ -505,7 +505,7 @@ def __call__ (self):
505 505
 CTK.publish (r'^/$',       Render)
506 506
 CTK.publish (r'^/launch$', Launch)
507 507
 CTK.publish (r'^/stop$',   Stop)
508  
-CTK.publish (r'^/halt$',   Halt)
  508
+CTK.publish (r'^/halt',   Halt)
509 509
 CTK.publish (r'^/lang/apply',             Lang_Apply,           method="POST")
510 510
 CTK.publish (r'^/proud/apply',            ProudUsers_Apply,     method="POST")
511 511
 CTK.publish (r'^%s'%(SUBSCRIBE_APPLY),    Subscribe_Apply,      method="POST")

1 note on commit b54e978

Jędrzej Nowak
Collaborator

I don't really think that's good idea.

Now everything that starts from '/halt' will shutdown the server.

I would look for fix in other places like: why the halt request isn't ^/halt$ but ^/halt[something].

I recently patched CTK (cherokee/CTK@09208d3) to use real url without the additions, so I would not say it's because of csrf.

Please sign in to comment.
Something went wrong with that request. Please try again.