1
0
Fork 0
mirror of https://we.phorge.it/source/phorge.git synced 2024-12-19 03:50:54 +01:00
No description
Find a file
epriestley ecd4b03a4e Unbreak OAuth Registration
Summary:
@vrana patched an important external-CSRF-leaking hole recently (D1558), but
since we are sloppy in building this form it got caught in the crossfire.

We set action to something like "http://this.server.com/oauth/derp/", but that
triggers CSRF protection by removing CSRF tokens from the form. This makes OAuth
login not work.

Instead, use the local path only so we generate a CSRF token.

Test Plan: Registered locally via oauth.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran, epriestley, demo

Maniphest Tasks: T853

Differential Revision: https://secure.phabricator.com/D1597
2012-02-08 13:42:48 -08:00
bin Improve CLI script for account creation and document account/reg setup process 2011-05-12 18:44:53 -07:00
conf Separate field for branch in revision 2012-02-06 17:28:46 -08:00
externals Include added reviewers and ccs in preview 2012-01-04 17:08:13 -08:00
resources Simplify Project status field 2012-02-07 14:59:38 -08:00
scripts Fix existence test in "reconcile.php" 2012-02-07 10:46:26 -08:00
src Unbreak OAuth Registration 2012-02-08 13:42:48 -08:00
support/aphlict Aphlict, simple notification server 2011-05-17 10:32:41 -07:00
webroot Split "Create Another Task" button into "Similar Task" and "Empty Task" 2012-02-08 09:44:22 -08:00
.arcconfig Add a custom lint name hook to Phabricator 2011-08-31 13:49:30 -07:00
.divinerconfig Some documentation updates. 2011-09-14 08:02:31 -07:00
.gitignore Key Value Store for ManiphestTask 2011-07-25 19:11:55 -07:00
.gitmodules Just change the location. 2011-05-28 15:14:54 -07:00
README Add a roadmap document and update the README. 2011-06-29 09:38:03 -07:00

Phabricator is a open source collection of web applications which make it easier
to write, review, and share source code. Phabricator was developed at Facebook.

This is an early release. It's pretty high-quality and usable, but under
active development so things may change quickly.

You can learn more about the project and find links to documentation and
resources at: http://phabricator.org/

LICENSE

Phabricator is released under the Apache 2.0 license except as otherwise noted.
http://www.apache.org/licenses/LICENSE-2.0