Closed Bug 1090427 Opened 5 years ago Closed 5 years ago

Backport bug 713926 to bmo/4.2 to protect against csrf for login forms

Categories

(bugzilla.mozilla.org :: User Interface, defect)

Production
defect
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: dkl, Assigned: dkl)

References

(Blocks 1 open bug)

Details

Attachments

(1 file)

SSIA
Attached patch 1090427_1.patchSplinter Review
Relevant bits from bug 713926 minus the WebService change that no longer returns cookies for User.login. I remember we were not ready to go that far yet.

dkl
Attachment #8512918 - Flags: review?(glob)
Comment on attachment 8512918 [details] [diff] [review]
1090427_1.patch

Review of attachment 8512918 [details] [diff] [review]:
-----------------------------------------------------------------

r=glob

this backport looks straight forward, i wonder why it didn't happen upstream :|
Attachment #8512918 - Flags: review?(glob) → review+
Thanks for the review glob. Please commit this prior to the next code push to production.

dkl
Flags: needinfo?(glob)
Flags: needinfo?(glob)
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   d6ee5ad..4e1941f  master -> master
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Group: webtools-security
Blocks: 1093582
You need to log in before you can comment on or make changes to this bug.