Timestamp:
Aug 13, 2009, 4:50:50 PM (12 years ago)
Author:
charles
Message:

(trunk libT) make the RPC 409 error message easier to understand

File:
1 edited

  • trunk/libtransmission/rpc-server.c

    r8903 r8911  
    630630            const char * sessionId = get_current_session_id( server );
    631631            char * tmp = tr_strdup_printf(
    632                 "<p>Please add this header to your HTTP requests:</p>"
    633                 "<p style=\"padding-left: 20pt;\"><code>%s: %s</code></p>"
    634                 "<p><b>RPC Application Developers:</b></p>"
    635                 "<p style=\"padding-left: 20pt;\">As of Transmission 1.53 and 1.61, RPC clients "
    636                 "need to look for this 409 response containing the phrase \"invalid session-id\".  "
    637                 "It occurs when the request's "TR_RPC_SESSION_ID_HEADER" header was missing "
    638                 "(such as during bootstrapping) or expired. "
    639                 "Either way, you can parse this response's headers for the new session-id.</p>"
    640                 "<p style=\"padding-left: 20pt;\">This requirement has been added to make "
    641                 "<a href=\"http://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a>"
    642                 " attacks more difficult.</p>",
     632                "<p>Your request had an invalid session-id header.</p>"
     633                "<p>To fix this, follow these steps:"
     634                "<ol><li> When reading a response, get its X-Transmission-Session-Id header and remember it"
     635                "<li> Add the updated header to your outgoing requests"
     636                "<li> When you get this 409 error message, resend your request with the updated header"
     637                "</ol></p>"
     638                "<p>This requirement has been added to help prevent "
     639                "<a href=\"http://en.wikipedia.org/wiki/Cross-site_request_forgery\">CSRF</a> "
     640                "attacks.</p>"
     641                "<p><code>%s: %s</code></p>",
    643642                TR_RPC_SESSION_ID_HEADER, sessionId );
    644643            evhttp_add_header( req->output_headers, TR_RPC_SESSION_ID_HEADER, sessionId );
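
Review bot: new line 634 hard-codes the header name as the literal X-Transmission-Session-Id, while the format arguments on line 642 and the evhttp_add_header() call still use TR_RPC_SESSION_ID_HEADER, so the instructions shown to the client can drift from the header the server actually sends if the macro ever changes. Splice the macro into the string the way removed line 637 did ("...the request's "TR_RPC_SESSION_ID_HEADER" header was missing "). Two smaller points: the ol on new lines 634-637 sits inside the p opened on line 633, which is not valid HTML, so close the paragraph before the list; and the new first sentence still contains the phrase "invalid session-id" that the removed text told RPC clients to look for, which deserves a source comment so a later rewording does not break clients that match on it.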