authorRob Crittenden <rcritten@redhat.com>2011-10-20 11:29:26 -0400
committerRob Crittenden <rcritten@redhat.com>2011-12-12 17:36:45 -0500
commit2d6eeb205e196cc6556f832555e74968619c0f1e (patch)
tree181ae3111506bd2f6dc9eda172f262b14e613e00 /ipalib/errors.py
parentda4b4fc4d9ef42f8ca46d5b5f405b93ba84f07d0 (diff)
Require an HTTP Referer header in the server. Send one in ipa tools.
This is to prevent a Cross-Site Request Forgery (CSRF) attack where a rogue server tricks a user who was logged into the FreeIPA management interface into visiting a specially-crafted URL where the attacker could perform FreeIPA configuration changes with the privileges of the logged-in user. https://bugzilla.redhat.com/show_bug.cgi?id=747710
Diffstat (limited to 'ipalib/errors.py')
-rw-r--r--ipalib/errors.py17
1 files changed, 17 insertions, 0 deletions
diff --git a/ipalib/errors.py b/ipalib/errors.py
index 4463fee70..5b634880d 100644
--- a/ipalib/errors.py
+++ b/ipalib/errors.py
@@ -441,6 +441,23 @@ class XMLRPCMarshallError(PublicError):
errno = 910
format = _('error marshalling data for XML-RPC transport: %(error)s')
+
+class RefererError(PublicError):
+ """
+ **911** Raised when the the request does not contain an HTTP referer
+
+ For example:
+
+ >>> raise RefererError()
+ Traceback (most recent call last):
+ ...
+ RefererError: Missing or invalid HTTP Referer
+ """
+
+ errno = 911
+ format = _('Missing or invalid HTTP Referer, %(referer)s')
+
+
##############################################################################
# 1000 - 1999: Authentication errors
class AuthenticationError(PublicError):
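Review bot: The doctest in the RefererError docstring does not match the class's `format`: it raises `RefererError()` with no `referer` argument and expects the message to end at "HTTP Referer", while `format` interpolates `%(referer)s`. Assuming PublicError fills `format` from keyword arguments (its constructor is not visible in this hunk), the example should read `>>> raise RefererError(referer='referer')` with the expected line `RefererError: Missing or invalid HTTP Referer, referer`. The summary line also has a doubled "the the" and says only "does not contain", although the message covers an invalid Referer as well. Separately, `%(referer)s` copies a client-controlled header value into a public error message, so the code that renders or logs this error (outside this hunk) should escape and length-limit it.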