Changeset 8911
- Timestamp: Aug 13, 2009, 4:50:50 PM (13 years ago)
- File: 1 edited
trunk/libtransmission/rpc-server.c
r8903 r8911 630 630 const char * sessionId = get_current_session_id( server ); 631 631 char * tmp = tr_strdup_printf( 632 "<p>Please add this header to your HTTP requests:</p>" 633 "<p style=\"padding-left: 20pt;\"><code>%s: %s</code></p>" 634 "<p><b>RPC Application Developers:</b></p>" 635 "<p style=\"padding-left: 20pt;\">As of Transmission 1.53 and 1.61, RPC clients " 636 "need to look for this 409 response containing the phrase \"invalid session-id\". " 637 "It occurs when the request's "TR_RPC_SESSION_ID_HEADER" header was missing " 638 "(such as during bootstrapping) or expired. " 639 "Either way, you can parse this response's headers for the new session-id.</p>" 640 "<p style=\"padding-left: 20pt;\">This requirement has been added to make " 641 "<a href=\"http://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a>" 642 " attacks more difficult.</p>", 632 "<p>Your request had an invalid session-id header.</p>" 633 "<p>To fix this, follow these steps:" 634 "<ol><li> When reading a response, get its X-Transmission-Session-Id header and remember it" 635 "<li> Add the updated header to your outgoing requests" 636 "<li> When you get this 409 error message, resend your request with the updated header" 637 "</ol></p>" 638 "<p>This requirement has been added to help prevent " 639 "<a href=\"http://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> " 640 "attacks.</p>" 641 "<p><code>%s: %s</code></p>", 643 642 TR_RPC_SESSION_ID_HEADER, sessionId ); 644 643 evhttp_add_header( req->output_headers, TR_RPC_SESSION_ID_HEADER, sessionId );
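Review bot: The new step list (new line 634) hard-codes the header name as X-Transmission-Session-Id, while the format arguments and the evhttp_add_header() call right below still take it from TR_RPC_SESSION_ID_HEADER, so the instructions and the header actually sent can drift apart if the macro ever changes. Splice the macro into the literal the way the removed text did, for example "get its " TR_RPC_SESSION_ID_HEADER " header and remember it". The removed text told RPC clients to look for the phrase "invalid session-id" in the 409 body; the new first sentence still contains it, and since clients may match on that string it deserves a comment marking it as part of the contract. Two smaller points on the markup: the ol element sits inside a p element, which HTML parsers close implicitly before the list, and the li elements are never closed; moving the list out of the paragraph and closing the items keeps the error page well-formed.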