Closed Bug 1090427 Opened 10 years ago Closed 10 years ago

Backport bug 713926 to bmo/4.2 to protect against csrf for login forms

Categories

(bugzilla.mozilla.org :: User Interface, defect)

Product:
bugzilla.mozilla.org
Component:
User Interface
Version:
Production
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED

People

(Reporter: dkl, Assigned: dkl)

References

Details

Attachments

(1 file)

1090427_1.patch
11.08 KB, patch
glob
: review+
Details | Diff | Splinter Review 
SSIA
Attached patch 1090427_1.patchSplinter Review 
Relevant bits from bug 713926 minus the WebService change that no longer returns cookies for User.login. I remember we were not ready to go that far yet.

dkl
Attachment #8512918 - Flags: review?(glob)
Comment on attachment 8512918 [details] [diff] [review]
1090427_1.patch

Review of attachment 8512918 [details] [diff] [review]:
-----------------------------------------------------------------

r=glob

this backport looks straight forward, i wonder why it didn't happen upstream :|
Attachment #8512918 - Flags: review?(glob) → review+
Thanks for the review glob. Please commit this prior to the next code push to production.

dkl
Flags: needinfo?(glob)
Flags: needinfo?(glob)
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   d6ee5ad..4e1941f  master -> master
Status: ASSIGNED → RESOLVED
Closed: 10 years ago
Resolution: --- → FIXED
Group: webtools-security
Blocks: 1093582
Blocks: 1093622
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: