-
Notifications
You must be signed in to change notification settings - Fork 40
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Disable option display_errors by default #146
Conversation
cmake produces warnings like below: The package name passed to `find_package_handle_standard_args` (TARANTOOL) does not match the name of the calling package (Tarantool). This can lead to problems in calling code that expects `find_package` result variables (e.g., `_FOUND`) to follow a certain pattern. Call Stack (most recent call first): cmake/FindTarantool.cmake:27 (find_package_handle_standard_args) CMakeLists.txt:10 (find_package) This patch fixes package name, warnings are gone and output becomes clear and readable.
e1e506a
to
24c942c
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think it is worth to duplicate commit messages (like the one about Django) additional info to PR description since public users do not have access to tarantool/security ticket.
24c942c
to
d91f072
Compare
What's a point to publish a description of security issue before fixing it? |
@DifferentialOrange I added to PR description all issues that fixed by this PR. Also removed commits related to #137, so we can merge these commits without waiting of fix for #137. |
d91f072
to
3401460
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Looks good except several minor nits. Feel free to push after fixes.
When option 'display_errors' is enabled httpd return application errors and backtraces to the client (like PHP). It is unexpected that the debugging information is sent to a client by default. It is usual to have such option, but have it disabled by default: see Django's DEBUG setting [1] for example. 1. https://docs.djangoproject.com/en/3.2/ref/settings/#debug Part of tarantool/security#8
Default content-type 'text/plain; charset=utf-8' is used when content-type is not set. Because without it web browser may interpret the response in an arbitrary way. Fixes tarantool/security#8
3401460
to
87e027e
Compare
Updated commit message. |
Fixes https://github.com/tarantool/security/issues/8
Fixes #129
Fixes #135
Fixes a CMake warnings for passed package names
PR depends on #141NOTE: Issue https://github.com/tarantool/security/issues/8 must be closed manually after merging.