andpp/mopidy
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
7,670 Commits 1 Branch 0 Tags 24 MiB
9f7b3478d2
Commit Graph

7670 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Stein Magnus Jodal
9f7b3478d2
Merge pull request #1712 from kingosticks/fix/cors-breaking-changes 
http: allow local files to access websocket (Fixes #1711)
 2018-10-09 00:50:25 +02:00
Nick Steel
6e9ed9e8a9 http: allow local files to access websocket (Fixes #1711) 
check_origin() still ensures the Origin header is set but now only blocks
when missing from the allowed list *if* a network location was extracted
from the header. This prevents websocket connections originating from
local files (common in Apache Cordova apps such as Mopidy-Mobile) from
being blocked; these files don't really have a sensible value for Origin
so the client browser sets the header to something like 'file://' or
'null'.

Also added some tests for check_origin().
 2018-10-08 23:39:47 +01:00
Stein Magnus Jodal
e025f04160 Release v2.2.0 2018-09-30 00:28:47 +02:00
Stein Magnus Jodal
d6a920aacb Bump version number to 2.2.0 2018-09-30 00:28:23 +02:00
Stein Magnus Jodal
b62c153425 docs: v2.2.0 release notes 2018-09-30 00:09:48 +02:00
Stein Magnus Jodal
c83132b5ec Update AUTHORS 2018-09-30 00:03:57 +02:00
Stein Magnus Jodal
7a0ade4112 tox: Remove pytest-xdist 
This seems to fix the Travis build that recently started getting an
ImportError on `gobject`.
 2018-09-29 23:32:30 +02:00
Nick Steel
09240dae2f
Merge pull request #1702 from jodal/fix/m3u-arbitrary-file-access 
Fix arbitrary file access in M3U backend
 2018-09-27 22:52:32 +01:00
Stein Magnus Jodal
58e75b2b7a m3u: Ignore paths outside the playlist_dir 
Fixes #1659
 2018-09-19 22:27:18 +02:00
Stein Magnus Jodal
23e73d962b core: Define playlists.delete() return type 2018-09-19 22:27:18 +02:00
Stein Magnus Jodal
60546c595a m3u: Avoid using deprecated methods in tests 2018-09-19 22:27:18 +02:00
Stein Magnus Jodal
3366780eed m3u: Avoid mutable default value 2018-09-19 22:27:18 +02:00
Stein Magnus Jodal
a61cdf4823 Merge branch 'release-2.1' into develop 2018-09-19 22:26:36 +02:00
Stein Magnus Jodal
2fb7885c56 Merge branch 'master' into release-2.1 2018-09-19 22:25:58 +02:00
Stein Magnus Jodal
faea0c638c docs: Avoid Sphinx 1.8.0, which fails on Python 2.7 
See https://github.com/sphinx-doc/sphinx/issues/5417
 2018-09-19 21:37:17 +02:00
Stein Magnus Jodal
0efbe981f5 tox: Ensure Sphinx from within tox env is used 2018-09-19 21:33:43 +02:00
Nick Steel
2ee1300571
Merge pull request #1689 from vonZeppelin/fix-typo 
models: Fix typo in __all__ list
 2018-07-02 17:25:16 +01:00
Leonid Bogdanov
ee2c36b0f2
Fix typo in __all__ list 2018-06-24 22:37:25 +10:00
Stein Magnus Jodal
f267e8db20 Merge branch 'release-2.1' into develop 2018-06-05 22:18:08 +02:00
Stein Magnus Jodal
e9f5c6cb06 Merge branch 'master' into release-2.1 2018-06-05 22:17:39 +02:00
Stein Magnus Jodal
99f6ae2a5c docs: Remove Mopidy-Notifier extension 
Upstream seems to have disappeared.
 2018-06-04 02:32:11 +02:00
Mark Greenwood
b01f3f5486 Update URL and image in docs for RompR MPD client 2018-06-04 02:31:25 +02:00
Damien Cassou
029ed5f0b0 docs: Add MPDel client 2018-06-04 02:31:10 +02:00
Stein Magnus Jodal
69ef2ef9ba docs: MPRIS playlists interface is implemented 2018-06-04 02:30:52 +02:00
Stein Magnus Jodal
b3d9d7106e docs: Fix testing example 2018-06-04 02:30:41 +02:00
Nick Steel
65014ad475
Merge pull request #1677 from fatg3erman/develop 
docs: Update URL and image in docs for RompR MPD client
 2018-05-14 15:59:17 +01:00
Mark Greenwood
5a81399a53 Update URL and image in docs for RompR MPD client 2018-05-14 15:17:50 +01:00
Stein Magnus Jodal
97a089ed3a
Merge pull request #1673 from DamienCassou/docs/add-mpdel-client 
docs: Add MPDel client
 2018-05-08 14:06:00 +02:00
Damien Cassou
dea72384ae
docs: Add MPDel client 2018-05-08 12:58:39 +02:00
Stein Magnus Jodal
9f69805fa7 docs: Tweak changelog 2018-04-19 20:54:18 +02:00
Stein Magnus Jodal
2cb7993316
Merge pull request #1621 from kingosticks/fix/mpd-load-tracklist-metadata 
Lookup track metadata for MPD load and listplaylistinfo
 2018-04-19 20:53:24 +02:00
Stein Magnus Jodal
18b828481f
Merge pull request #1669 from kingosticks/docs/update-raspberry-pi 
Some updates to the Raspberry Pi install guide.
 2018-04-17 08:40:26 +02:00
Nick Steel
ba708001f4 docs: updates to the Raspberry Pi install guide. 2018-04-16 23:25:54 +01:00
Nick Steel
e87599a2d3 Explicitly check for None (core playlists API future proofing). 2018-04-15 21:21:59 +01:00
Stein Magnus Jodal
267d705978 docs: Tweak changelog 2018-04-15 22:19:30 +02:00
Nick Steel
627684ec7b Updated playlistclear to use playlist lookup helper and added save failure tests. 2018-04-15 21:19:01 +01:00
nsteel
52a90a5a06 MPD's load and listplaylistinfo lookup track metadata. Fixes #1511. 
Includes tests and refactored all playlist lookups to use helper.
 2018-04-15 21:19:01 +01:00
Stein Magnus Jodal
53c8159bbc
Merge pull request #1668 from kingosticks/fix/cors 
Protect RPC interface against CSRF
 2018-04-15 22:14:46 +02:00
Nick Steel
ae4dab65e4 docs: added changelog entry 2018-04-15 17:46:46 +01:00
Nick Steel
1d6e081171 docs: mention that same-origin requests are always allowed. 2018-04-15 17:26:16 +01:00
Nick Steel
51741a7cbc HTTP: Apply allowed_origins to Websocket requests also. 2018-04-15 17:14:13 +01:00
Nick Steel
7caba4a05d docs: improved http/allowed_origins description. 2018-04-15 17:12:16 +01:00
Nick Steel
1b863b417b HTTP: New RPC CORS tests and fixed existing. 2018-04-15 17:12:16 +01:00
Nick Steel
ecb5a7038a docs: http/allowed_origins config setting description 2018-04-15 17:12:16 +01:00
Nick Steel
94ba9b6642 HTTP: Content-Type other than application/json is a 415 client error. 
Also Fixed up formatting following code review.
 2018-04-15 17:12:16 +01:00
Nick Steel
cd829c7042 HTTP: CSRF protection for RPC endpoint. 
By now enforcing the Content-Type header is set to 'application/json', we force browsers attempting a cross-domain
request to first perform a CORS preflight OPTIONS request. This request always includes an Origin header which we
check against our whitelist. The whitelist contains the current Host as well as anything specified in the new optional
allowed_origins config value. Any non-browser tools must also now set the Context-type header.
 2018-04-15 17:12:16 +01:00
Stein Magnus Jodal
41882c6395 http: Remove conditional only needed for Tornado < 3.2 2018-04-13 13:05:23 +02:00
Stein Magnus Jodal
3e91f9819d tests: Make DummyAudio reset position when URI changes 2018-04-09 23:46:30 +02:00
Stein Magnus Jodal
84aafaadcb docs: MPRIS playlists interface is implemented 2018-04-08 21:08:12 +02:00
Stein Magnus Jodal
fa70c1e527 docs: Fix testing example 2018-04-08 21:06:08 +02:00