Closed Bug 1779086 Opened 2 years ago Closed 2 years ago

[WEBHOOKS] When an author cannot see the bug or private comment/attachment do not send any data

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: dkl, Assigned: dkl)

Details

Attachments

(1 file)

GitHub Pull Request 2 years ago David Lawrence [:dkl] 46 bytes, text/x-github-pull-request		Details \| Review

David Lawrence [:dkl]

Assignee

Description

•

2 years ago

Similar to how we block users from seeing dependencies of secure bugs in a public bug if they user cannot see them, we will not send hook data to the endpoint when a secure bug is changed.

Currently we send a filtered down JSON structure to the API endpoint even if the user cannot see the bug/comment. We will no longer do that and just skip sending.

Note: We will still filter the JSON data to only the bug id if the bug is secure and the hook owner can see the bug.

David Lawrence [:dkl]

Assignee

Comment 1

•

2 years ago

Attached file GitHub Pull Request — Details

David Lawrence [:dkl]

Assignee

Comment 2

•

2 years ago

Merged
https://github.com/mozilla-bteam/bmo/commit/82c4e9992280a0f23915b7bc8359cc5f467257cd

Status: ASSIGNED → RESOLVED

Closed: 2 years ago

Resolution: --- → FIXED

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

[WEBHOOKS] When an author cannot see the bug or private comment/attachment do not send any data

Categories

(bugzilla.mozilla.org :: Extensions, enhancement)

Tracking

()

People

(Reporter: dkl, Assigned: dkl)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Comment 1

Comment 2

Attachment

General

Description

File Name

Content Type