mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-22 23:02:42 +01:00
No description
04c07a7a7b
Summary: Fixes T4802. For context, see T1921. Originally (in T1921), a developer ran into an issue where rendering `phabricator_form()` with an absolute URI confusingly dropped CSRF tokens, and it wasn't obvious why. This is a security measure, but at the time it wasn't very clear how all the pieces fit together. To make it more clear, we: # expanded the exception text in developer mode to include a description of this issue; and # added an exception in developer mode when rendering a form like this. However, (2) causes some undesirable interactions for file downloads. In particular, if: - developer mode is on; and - there's no alternate file domain configured; and - you try to download a file... ...we produce CDN URIs that are fully-qualified, and you get the exception from (2) above. This is kind of a mess, and producing fully-qualified CDN URIs in all cases is simple and clear and desirable. To resolve this, just revert (2). We still have the clarification from (1) above and this hasn't caused further issues, so I think that's sufficient. This is a rare issue anyway and not particularly serious or error prone (at worst, a bit confusing and annoying, but hopefully easy to understand and resolve after the changes in (1)). Test Plan: With develper mode and no alternate file domain, downloaded files from Files. Reviewers: btrahan Reviewed By: btrahan Subscribers: epriestley Maniphest Tasks: T4802 Differential Revision: https://secure.phabricator.com/D8776 |
||
---|---|---|
bin | ||
conf | ||
externals | ||
resources | ||
scripts | ||
src | ||
support | ||
webroot | ||
.arcconfig | ||
.editorconfig | ||
.gitignore | ||
LICENSE | ||
NOTICE | ||
README |
Phabricator is an open source collection of web applications which help software companies build better software. Phabricator includes applications for: - reviewing and auditing source code; - hosting and browsing repositories; - assembling a party to venture forth; - tracking bugs; - hiding stuff from coworkers; and - also some other things. You can learn more about the project (and find links to documentation and resources) here: http://phabricator.org/ Phabricator is developed and maintained by Phacility. The first version of Phabricator was originally built at Facebook. LICENSE Phabricator is released under the Apache 2.0 license except as otherwise noted.