Changeset 8364


Ignore:
Timestamp:
May 8, 2009, 6:07:30 PM (12 years ago)
Author:
charles
Message:

(trunk libT) give a better explanation of what third-party apps need to do

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/libtransmission/rpc-server.c

    r8363 r8364  
    573573            const char * sessionId = get_current_session_id( server );
    574574            char * tmp = tr_strdup_printf(
    575                 "<p>Please add this header to your requests:</p>"
    576                 "<p><code>%s: %s</code></p>"
    577                 "<p>This requirement is to make "
     575                "<p>Please add this header to your HTTP requests:</p>"
     576                "<p style=\"padding-left: 20pt;\"><code>%s: %s</code></p>"
     577                "<p><b>RPC Application Developers:</b></p>"
     578                "<p style=\"padding-left: 20pt;\">As of Transmission 1.53 and 1.61, RPC clients "
     579                "need to look for this 409 response containing the phrase \"invalid session-id\".  "
     580                "It occurs when the request's "TR_RPC_SESSION_ID_HEADER" header was missing "
     581                "(such as during bootstrapping) or expired. "
     582                "Either way, you can parse this response's headers for the new session-id.</p>"
     583                "<p style=\"padding-left: 20pt;\">This requirement has been added to make "
    578584                "<a href=\"http://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a>"
    579585                " attacks more difficult.</p>",
    580                 TR_RPC_SESSION_ID_HEADER, sessionId );
     586                TR_RPC_SESSION_ID_HEADER, sessionId,
     587                TR_RPC_SESSION_ID_HEADER );
    581588            evhttp_add_header( req->output_headers, TR_RPC_SESSION_ID_HEADER, sessionId );
    582589            send_simple_response( req, 409, tmp );
Note: See TracChangeset for help on using the changeset viewer.