Closed
Bug 1361158
Opened 8 years ago
Closed 7 years ago
Scheduled change emails should not include csrf_token in 'Row to be inserted'
Categories
(Release Engineering Graveyard :: Applications: Balrog (backend), defect, P1)
Release Engineering Graveyard
Applications: Balrog (backend)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1336452
People
(Reporter: nthomas, Unassigned)
Details
(Whiteboard: [lang=python][ready])
Received this today:
Changed by: asasaki@mozilla.com
Row to be inserted:
{'base_alias': None,
'base_backgroundRate': 50,
'base_buildID': None,
'base_buildTarget': None,
'base_channel': 'release',
'base_comment': 'Update subset of users who are running 52.x to 52.<latest>',
'base_data_version': 7,
'base_distVersion': None,
'base_distribution': None,
'base_fallbackMapping': None,
'base_headerArchitecture': None,
'base_locale': None,
'base_mapping': 'Thunderbird-52.1.0-build2',
'base_osVersion': None,
'base_priority': 86,
'base_product': 'Thunderbird',
'base_rule_id': 571,
'base_systemCapabilities': None,
'base_update_type': 'minor',
'base_version': '>=52.0',
'base_whitelist': None,
'change_type': 'update',
'csrf_token': '<redacted>', <------- this should be removed
'data_version': 1,
'scheduled_by': 'asasaki@mozilla.com'}
|
||
Comment 1•8 years ago
|
||
This is probably a by-product of grabbing all the form fields and just passing them to the database layer, eg: https://github.com/mozilla/balrog/blob/master/auslib/web/admin/views/scheduled_changes.py#L72
This should probably be fixed at the web layer.
Priority: -- → P1
Whiteboard: [lang=python][ready]
|
Reporter | |
Comment 2•7 years ago
|
||
Have also seen this in a new rule notification which wasn't a scheduled change.
|
|
||
Comment 3•7 years ago
|
||
(In reply to Nick Thomas [:nthomas] from comment #2)
> Have also seen this in a new rule notification which wasn't a scheduled
> change.
I also saw one recently that had "_duplicate" in the data. I think this might be fixed by Ashish's swagger work...
|
||
Comment 4•7 years ago
|
||
I would like to work on this bug.
|
|
||
Comment 5•7 years ago
|
||
(In reply to Harkishen H [:harikishenh] from comment #4)
> I would like to work on this bug.
This probably isn't a good choice for the moment, I think it's going to be fixed as a side effect of https://bugzilla.mozilla.org/show_bug.cgi?id=1336452.
|
|
||
Comment 6•7 years ago
|
||
oh....can you suggest any other backend bug i can work on ???
|
|
||
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
|
||
Updated•5 years ago
|
Product: Release Engineering → Release Engineering Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•