Learn more about these different git repos.
Other Git URLs
I went to revoke an API token from a project's settings page but my session had expired. When I authenticated again from fedoauth and got redirected back, I got this error:
Method Not Allowed The method is not allowed for the requested URL.
That makes sense, this url accepts only POST and fedoauth returns you to a GET page.
If you would have refresh the settings page before trying to revoke the token this would not have happened.
What do you think should happen?
Perhaps change it to allow GET and have fedoauth send you to the GET endpoint with the correct parameters? I don't think there's a huge disadvantage there. Alternatively, have fedoauth just return you back to the settings page in that case, but then it should be made clear that the token is still not invalidated.
Even if we allow GET, it will not work due to the csrf validation and I don't think we should provide all the arguments in the URL.
What we can do is accept GET and redirect from GET to the settings page with an 'Action canceled' error message.
Implemented in https://pagure.io/pagure/pull-request/233
Merged
Login to comment on this ticket.