Matthias Schiffer
1837b1e2b3
gluon-web: prohibit cross-origin POST
...
As gluon-web uses standard multipart/form-data requests, browsers don't
enforce any cross-origin restrictions. To prevent malicious injection of
POST requests into the config mode, match the Origin header against the
Host header of the request.
(cherry picked from commit a83466be6e
)
2022-02-03 17:08:07 +01:00
Matthias Schiffer
f4ae80e73b
gluon-web: improve error handling of parse_message_body()
...
Actually raise an error and turn it into an HTTP 400 return code when
something goes wrong, rather than ignoring the error.
We also improve the conditions under which errors are thrown before
pump() is called: We don't need to check for the multipart/form-data
content-type twice, and a POST without this content-type is now always
an error.
(cherry picked from commit f3960eeb47
)
2022-02-03 17:08:07 +01:00
Matthias Schiffer
46dce5747b
gluon-web: add CRLF to text/plain Internal Server Error output
...
Having a trailing newline is nice when viewing the returned data in a
terminal.
(cherry picked from commit de43b306d4
)
2022-02-03 17:08:07 +01:00
bobcanthelpyou
4249d65af7
treewide: fix luacheck warnings
2019-06-16 22:51:53 +02:00
Matthias Schiffer
da45bd5987
treewide: do not use Lua module()
2019-06-16 15:51:43 +02:00
Matthias Schiffer
3ec108aacc
gluon-web: fix Http:getcookie()
...
None of our code uses cookies, so this issue went unnoticed.
2019-06-16 14:55:23 +02:00
bobcanthelpyou
3b55cbc1f3
gluon-web: fix typos
2019-03-18 21:49:54 +01:00
Matthias Schiffer
a2be178ce8
gluon-web: add view helper for JSON-encoded values
...
Can be used for inserting Lua values into inline JS code.
2018-09-01 11:28:12 +02:00
Matthias Schiffer
06a9d61523
gluon-web-*: replace nixio with luaposix
2018-07-17 20:08:16 +02:00
Matthias Schiffer
9648489a01
gluon-web: reorganize layout handling
...
Also bring back gluon-web-theme's i18n strings.
2018-02-26 00:07:12 +01:00
Matthias Schiffer
c3e4ceed28
gluon-web: split out model support into a separate package
2018-02-26 00:07:08 +01:00
Matthias Schiffer
83a6847fbd
gluon-web: remove unneeded functions from gluon.web.util
...
exec() is moved to gluon.util.
2018-02-25 17:13:30 +01:00
Matthias Schiffer
218de7e0ae
gluon-web: pass base path from CGI script
2018-02-25 17:13:30 +01:00
Matthias Schiffer
661e4dee9f
gluon-config-mode-core, gluon-web-*: do not access dispatcher directly
2018-02-25 17:13:30 +01:00
Matthias Schiffer
557565e189
gluon-web: add i18n package namespaces
2018-02-23 13:39:56 +01:00
Matthias Schiffer
9ece0daa76
gluon-web: ListValue: convert keys to strings before adding to key list
...
Fixes validation of ListValues.
Fixes: ec532b95
"gluon-web: extend ListValue with optional and unset
values"
2018-02-04 18:57:27 +01:00
Matthias Schiffer
ec532b95cf
gluon-web: extend ListValue with optional and unset values
...
If a value is unset or optional, an empty choice is added to the selection.
This empty choice will be marked as invalid if the value is not optional.
This is properly supported for the 'select' widget only for now, and not
for 'radio'.
2018-01-31 17:08:21 +01:00
Matthias Schiffer
cfe1bba8ae
gluon-web: fix radio button view of ListValues
...
Pretty much everything about this was broken:
* Fix dependency tracking
* Fix vertical orientation
* Fix paddings
* Add theming
2018-01-31 15:47:45 +01:00
Matthias Schiffer
6cf88c3b03
Replace luci-lib-jsonc with our own lua-jsonc
2018-01-18 16:28:59 +01:00
Matthias Schiffer
12103d9638
gluon-web: remove useless serialize_json alias
2018-01-18 07:49:00 +01:00
Matthias Schiffer
1d7b4482b7
gluon-web: add renderer._translate()
...
_translate() will return nil when no match is found.
2017-02-22 19:28:22 +01:00
Matthias Schiffer
e4b74be506
gluon-web: add package
...
The gluon-web package is basically a stripped-down and refactored version
of the LuCI base.
2017-02-22 01:30:58 +01:00