Closed
Bug 715723
Opened 14 years ago
Closed 14 years ago
browserid: Signing into MDN takes you away from the page you were at
Categories
(developer.mozilla.org Graveyard :: Wiki pages, defect)
Tracking
(Not tracked)
VERIFIED
FIXED
2.1
People
(Reporter: jrmuizel, Assigned: groovecoder)
References
Details
(Whiteboard: u=user c=browserid p=3)
Attachments
(1 file)
|
3.45 KB,
text/plain
|
Details |
STR:
- Goto https://developer.mozilla.org/en/Debugging_Safari
- Click "Sign in".
- Sign in using browser id
- End up here: https://developer.mozilla.org/en-US/users/login
|
Assignee | |
Updated•14 years ago
|
Whiteboard: u=user c=browserid p=
Target Milestone: --- → 2.0
|
||
Comment 1•14 years ago
|
||
screencast http://screencast.com/t/5aEkmkEgVUD
|
|
||
Comment 2•14 years ago
|
||
Luke this is related to what we discussed on IRC
|
|
Assignee | |
Updated•14 years ago
|
Summary: Signing into MDN takes you away from the page you were at → browserid: Signing into MDN takes you away from the page you were at
|
|
Assignee | |
Comment 3•14 years ago
|
||
Craig, is there any way to do the browserid pop-up with the post to /users/browserid_verify on the deki skin header the same way we do on the django header?
|
|
Assignee | |
Updated•14 years ago
|
Target Milestone: 2.0 → 2.1
|
|
Assignee | |
Comment 4•14 years ago
|
||
Few things have to happen:
* Bypass CSRF for browserid_verify
* Add browserid javascript to MT skin
** Only for en locale
Whiteboard: u=user c=browserid p= → u=user c=browserid p=3
|
||
Comment 6•14 years ago
|
||
Bypassing CSRF for browserid_verify: https://github.com/mozilla/kuma/pull/90
|
||
Comment 7•14 years ago
|
||
Commits pushed to https://github.com/mozilla/kuma
https://github.com/mozilla/kuma/commit/1893f195045effe7f05c5d5be568b4ea87bd8ce9
bug 715723: Make the browserid verification form exempt from CSRF protection
https://github.com/mozilla/kuma/commit/edb99c36ff8e72d09fa5700101ea1cb9095d609e
Merge pull request #90 from lmorchard/bug-715723
Bug 715723 - Make the BrowserID verification form exempt from CSRF protection
|
||
Updated•14 years ago
|
Assignee: nobody → craigcook.bugz
|
|
||
Comment 8•14 years ago
|
||
I've done the initial integration of BrowserID into the skin in r100272 but it now needs to be wired into our django authentication, and the info dropdown needs to be cookied so it's only shown to first-timers (and it should read the same cookie we're setting on the django site). So alas, I've done about all I can do and must hand off to Luke now to actually make it work.
Assignee: craigcook.bugz → nobody
|
|
Assignee | |
Updated•14 years ago
|
Assignee: nobody → lcrouch
|
|
Assignee | |
Comment 9•14 years ago
|
||
|
|
||
Comment 10•14 years ago
|
||
Diff applied in r100284
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
|
|
Assignee | |
Comment 12•14 years ago
|
||
Need to address a potential CSRF scenario.
Status: RESOLVED → REOPENED
Resolution: FIXED → ---
|
|
||
Comment 13•14 years ago
|
||
Commits pushed to mdn at https://github.com/mozilla/kuma
https://github.com/mozilla/kuma/commit/62eea07e34b0953c3bb7cd3a2ad095f22bcffcd6
Fix Bug 715723 theoretical csrf vulnerability
https://github.com/mozilla/kuma/commit/e957269a07f030bf0f967681ebd6656fea413beb
Merge pull request #100 from groovecoder/bug-715723
Bug 715723
|
|
||
Updated•14 years ago
|
Status: REOPENED → RESOLVED
Closed: 14 years ago → 14 years ago
Resolution: --- → FIXED
|
|
||
Comment 14•14 years ago
|
||
qa-verified-stage9 https://developer-stage9.mozilla.org/en/HTML
|
|
||
Comment 15•14 years ago
|
||
verified fixed https://developer.mozilla.org/en/Debugging_Safari
Status: RESOLVED → VERIFIED
|
||
Updated•13 years ago
|
Component: Website → Landing pages
|
||
Updated•5 years ago
|
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•