Closed Bug 930166 Opened 8 years ago Closed 8 years ago

Update all webmaker components to use the "csrf-token" meta name instead of "X-CSRF-TOKEN"

Categories

(Webmaker Graveyard :: webmaker.org, defect)

x86_64
Linux
defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED

People

(Reporter: giecrilj, Assigned: michiel)

Attachments

(8 files)

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:24.0) Gecko/20100101 Firefox/24.0 (Beta/Release)
Build ID: 2013091200

Steps to reproduce:

Validate the page "Gallery - Mozilla Webmaker".


Actual results:

Errors found while checking this document as HTML5! 29 Errors, 1 warning(s), including:
Line 7, Column 63: Bad value X-CSRF-Token for attribute name on element meta: Keyword x-csrf-token is not registered.


Expected results:

Congratulations, etc.
OS: All → Linux
Hardware: All → x86_64
Component: General → webmaker.org
QA Contact: brett
That's not an error, that's the validator being too strict. On that note, which validator is flagging this?

The only restriction on a meta element "name" attribute is that if it is specified, there MUST be an associated "content" attribute as well. Other than that, the "name" attribute can be any string. As such, using the string "X-CSRF-Token" cannot lead to a validation error under HTML5 rules.
That said, the spec gives the following guideline for validators:

"Conformance checkers may use the information given on the WHATWG Wiki MetaExtensions page to establish if a value is allowed or not: values defined in this specification or marked as "proposed" or "ratified" must be accepted, whereas values marked as "discontinued" or not listed in either this specification or on the aforementioned page must be reported as invalid. Conformance checkers may cache this information (e.g. for performance reasons or to avoid the use of unreliable network connectivity)."

So we can either add the x-csrf-token as a proposal, or change the already proposed "csrf-token" name from applying to just "ruby" to simply being the name for CSRF tokens irrespective of the underlying technology, and switch from x-csrf-token to csrf-token instead.
Morphing to tracking ticket to update all projects to use "csrf-token" rather than "X-CSRF-TOKEN"
Assignee: nobody → pomax
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Summary: Webmaker home page is invalid → Update all webmaker components to use the "csrf-token" meta name instead of "X-CSRF-TOKEN"
patch for goggles
Attachment #833168 - Flags: review?(scott)
patch for login
Attachment #833170 - Flags: review?(kieran.sedgwick)
patch for thimble
Attachment #833172 - Flags: review?(scott)
patch for popcorn
Attachment #833173 - Flags: review?(scott)
patch for webmaker.org
Attachment #833175 - Flags: review?(cade)
patch for webmaker-profile
Attachment #833176 - Flags: review?(gavin)
patch for MakeAPI
Attachment #833177 - Flags: review?(cade)
patch for makeapi-client
Attachment #833178 - Flags: review?(cade)
To test these patches, you will need to check out "your" patch, as well as the login patch because that sets up the correct metaname-extraction-for-persona.
Comment on attachment 833170 [details] [review]
https://github.com/mozilla/login.webmaker.org/pull/203

ARRRRRRRRRRR plus.
Attachment #833170 - Flags: review?(kieran.sedgwick) → review+
Comment on attachment 833177 [details] [review]
https://github.com/mozilla/MakeAPI/pull/171

I think we should change this line: https://github.com/mozilla/MakeAPI/blob/master/views/admin.html#L9 to ' name="csrf-token" ' as well as in views/login.html
Attachment #833177 - Flags: review?(cade) → review-
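A check in the spirit of the review comment above and the earlier note on meta "name"/"content" pairing, as an added example that is not code from this bug or any Webmaker repository: it scans template source for `<meta>` tags still using the old name, and for a `csrf-token` meta with no `content` attribute. The function names and the sample template are assumptions constructed for illustration.

```javascript
// Added example: audit template source for leftover legacy CSRF meta names.
// The sample template at the bottom is constructed; it is not MakeAPI's admin.html.
const LEGACY_NAME = "x-csrf-token"; // old name, compared case-insensitively
const CURRENT_NAME = "csrf-token";  // name this bug standardises on

// Parse one <meta ...> tag into a map of lower-cased attribute names to values.
// Handles double-quoted, single-quoted and unquoted values in any order.
function parseAttrs(tag) {
  const attrs = {};
  const body = tag.replace(/^<meta\b/i, "").replace(/\/?>$/, "");
  const re = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+)))?/g;
  let m;
  while ((m = re.exec(body)) !== null) {
    attrs[m[1].toLowerCase()] = m[2] || m[3] || m[4] || "";
  }
  return attrs;
}

// Return one finding per problematic tag, with a 1-based line number.
// Assumes no literal '>' inside attribute values (true for simple templates).
function auditCsrfMeta(source, file) {
  const findings = [];
  const tagRe = /<meta\b[^>]*>/gi;
  let m;
  while ((m = tagRe.exec(source)) !== null) {
    const attrs = parseAttrs(m[0]);
    if (!("name" in attrs)) continue; // charset / http-equiv metas are out of scope
    const name = attrs.name.toLowerCase();
    const line = source.slice(0, m.index).split("\n").length;
    if (name === LEGACY_NAME) {
      findings.push({ file, line, issue: "legacy-name" });
    } else if (name === CURRENT_NAME && !("content" in attrs)) {
      findings.push({ file, line, issue: "missing-content" });
    }
  }
  return findings;
}

const sample = [
  "<!DOCTYPE html>",
  "<html><head>",
  "  <meta charset=\"utf-8\">",
  "  <meta content=\"{{ csrf }}\" name='X-CSRF-Token'>",
  "  <meta name=\"csrf-token\">",
  "  <meta name=\"csrf-token\" content=\"{{ csrf }}\">",
  "</head></html>",
].join("\n");

console.log(auditCsrfMeta(sample, "sample.html"));
```

Run over every view in a component before tagging a release, a non-empty result means a page would still emit the old name while the client-side code reads the new one, leaving that page's requests without a token.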
Comment on attachment 833178 [details] [review]
https://github.com/mozilla/makeapi-client/pull/16

R+

You will want to tag this and update the apps that use it.
Attachment #833178 - Flags: review?(cade) → review+
Comment on attachment 833177 [details] [review]
https://github.com/mozilla/MakeAPI/pull/171

Looks good with the changes for the admin+login pages.
Attachment #833177 - Flags: review- → review+
Attachment #833173 - Flags: review?(scott) → review+
Attachment #833172 - Flags: review?(scott) → review+
Attachment #833168 - Flags: review?(scott) → review+
Attachment #833176 - Flags: review?(gavin) → review+
Commit pushed to master at https://github.com/mozilla/MakeAPI

https://github.com/mozilla/MakeAPI/commit/f8d563e6c2ee97ffcdcb14a64dd3020f775ff6a1
Merge pull request #171 from Pomax/bug930166

csrf-token rename
Everything landed.
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED