Browse files

Merge pull request #26 from mehmetali/patch-2

"Shut down Cherokee-Admin" doesn't work because of csrf protection. Thanks Mehmetali for the fix.
  • Loading branch information...
2 parents 0991288 + ee20f94 commit b54e9786e9832212d389bdcc806b726a4ee4152b @skinkie skinkie committed Aug 6, 2012
Showing with 1 addition and 1 deletion.
  1. +1 −1 admin/
@@ -505,7 +505,7 @@ def __call__ (self):
CTK.publish (r'^/$', Render)
CTK.publish (r'^/launch$', Launch)
CTK.publish (r'^/stop$', Stop)
-CTK.publish (r'^/halt$', Halt)
+CTK.publish (r'^/halt', Halt)
CTK.publish (r'^/lang/apply', Lang_Apply, method="POST")
CTK.publish (r'^/proud/apply', ProudUsers_Apply, method="POST")
CTK.publish (r'^%s'%(SUBSCRIBE_APPLY), Subscribe_Apply, method="POST")

1 comment on commit b54e978

pigmej commented on b54e978 Aug 6, 2012

I don't really think that's good idea.

Now everything that starts from '/halt' will shutdown the server.

I would look for fix in other places like: why the halt request isn't ^/halt$ but ^/halt[something].

I recently patched CTK (cherokee/CTK@09208d3) to use real url without the additions, so I would not say it's because of csrf.

Please sign in to comment.