mirror of https://we.phorge.it/source/phorge.git synced 2024-11-10 17:02:41 +01:00
phorge-phorge/src
epriestley ecd4b03a4e Unbreak OAuth Registration
Summary:
@vrana patched an important external-CSRF-leaking hole recently (D1558), but
since we are sloppy in building this form it got caught in the crossfire.

We set action to something like "http://this.server.com/oauth/derp/", but that
triggers CSRF protection by removing CSRF tokens from the form. This makes OAuth
login not work.

Instead, use the local path only so we generate a CSRF token.

Test Plan: Registered locally via oauth.

Reviewers: vrana, btrahan

Reviewed By: vrana

CC: aran, epriestley, demo

Maniphest Tasks: T853

Differential Revision: https://secure.phabricator.com/D1597
2012-02-08 13:42:48 -08:00
aphront Add very very basic reporting to Maniphest 2012-02-08 09:47:14 -08:00
applications Unbreak OAuth Registration 2012-02-08 13:42:48 -08:00
docs Document final/private policy 2012-01-31 12:08:15 -08:00
infrastructure Allow full anchors in remarkup object names 2012-02-03 15:50:19 -08:00
storage Simplify Aphront transaction code 2012-02-07 14:58:37 -08:00
view Replace home directory list with a dashboard 2012-02-07 16:04:48 -08:00
__celerity_resource_map__.php Replace home directory list with a dashboard 2012-02-07 16:04:48 -08:00
__phutil_library_init__.php Distinguish between aphront and phabricator. 2011-01-22 17:45:28 -08:00
__phutil_library_map__.php Add very very basic reporting to Maniphest 2012-02-08 09:47:14 -08:00