Item13613: JHotDrawPlugin no longer works in Foswiki 2.0 because of the changed rest
Priority: Normal
Current State: Closed
Released In: n/a
Target Release: n/a
As I am testing 2.0 I now run into my next show stopper problem
JHotDrawPlugin which saves though the rest interface will not work.
I have tried many things to make it work.
- Note I use ApacheLogin - that I cannot change
- I have tried to add and remove the rest script from the apache config for auth scripts
- I have tried to enable {LegacyRESTSecurity}. That changes the failure from not allowing GET on rest to failing the strikeone check. The plugin works fine with strikeone on 1.1.9
- I have tried to change {Session}{AcceptUserPwParam} to ^(rest|view)(auth)?$
And it still fails.
I think it has become very confusing with all these {LegacyRESTSecurity} and {Session}{AcceptUserPwParam} settings with poor explanations of when to apply what and why. I certainly do not understand what is going on.
A lot of the strikeone stuff in the
JHotDrawPlugin is javascript so I am a bit lost how to attack it.
--
KennethLavrsen - 11 Aug 2015
I tried more experiments. I tried to disable {Validation}{ExpireKeyOnUse}. Then it worked. Then I enabled it again. And it still worked. I cannot get the error back now. It can have something to do with how Java caches passwords.
Under all circumstances - the plugin should be updated to work with the new way to handle rest so you do not need to enable a legacy setting. Where is that new thing documented?
--
KennethLavrsen - 11 Aug 2015
OK. It is documented in
EmptyPlugin.
I think I can do this change to fix the GET thing. Is this new syntax for defining the rest handler backwards compatible?
--
KennethLavrsen - 11 Aug 2015
I am adding this
Foswiki::Func::registerRESTHandler(
'edit',
\&_restEdit,
authenticate => 1, # Set to 0 if handler should be useable by WikiGuest
validate => 1, # Set to 0 to disable StrikeOne CSRF protection
http_allow => 'GET,POST', # Set to 'GET,POST' to allow use HTTP GET and POST
description => 'Edit handler for JHotDrawPlugin'
);
Foswiki::Func::registerRESTHandler(
'upload',
\&_restUpload,
validate => 1, # Set to 0 to disable StrikeOne CSRF protection
http_allow => 'POST', # Set to 'GET,POST' to allow use HTTP GET and POST
description => 'Upload handler for JHotDrawPlugin'
);
--
KennethLavrsen - 11 Aug 2015
I have to disable the validate parts because they fail in 1.1.9
It is not backwards compatible
--
KennethLavrsen - 11 Aug 2015