mirror of
https://we.phorge.it/source/phorge.git
synced 2024-11-11 17:32:41 +01:00
ecd4b03a4e
Summary: @vrana patched an important external-CSRF-leaking hole recently (D1558), but since we are sloppy in building this form it got caught in the crossfire. We set action to something like "http://this.server.com/oauth/derp/", but that triggers CSRF protection by removing CSRF tokens from the form. This makes OAuth login not work. Instead, use the local path only so we generate a CSRF token. Test Plan: Registered locally via oauth. Reviewers: vrana, btrahan Reviewed By: vrana CC: aran, epriestley, demo Maniphest Tasks: T853 Differential Revision: https://secure.phabricator.com/D1597 |
||
---|---|---|
.. | ||
base | ||
default |