You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@geode.apache.org by jaredjstewart <gi...@git.apache.org> on 2016/10/11 16:35:11 UTC

[GitHub] incubator-geode pull request #256: Feature/geode 1532

GitHub user jaredjstewart opened a pull request:

    https://github.com/apache/incubator-geode/pull/256

    Feature/geode 1532

    GEODE-999: Convert pulse uiTests to phantomJS.
    GEODE-1966: Prevent unauthorized users from viewing pulseVersion details.
    GEODE-1532: Fix Pulse clickjacking vulnerability.

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/jaredjstewart/incubator-geode feature/GEODE-1532

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/incubator-geode/pull/256.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #256
    
----
commit 96f10a5b2aad7c0a2b3c34d16c0cffdca7c1156e
Author: Jared Stewart <js...@pivotal.io>
Date:   2016-10-03T21:15:59Z

    GEODE-999: All unignored UITests now pass

commit ed66a2dab64f3adbfb19b66f2daf8f367cdd8002
Author: Jared Stewart <js...@pivotal.io>
Date:   2016-10-05T19:09:12Z

    GEODE-999: Converted from Firefox driver to PhantomJS driver to run UITests in headless mode

commit a7d537fee7a70ca4b696b7c87ccb9873d4f91ecb
Author: Jared Stewart <js...@pivotal.io>
Date:   2016-10-10T18:50:42Z

    Moved pulse ui tests into their own package.

commit 0b9e625dc866fff1281255095d632f0119ae4086
Author: Jared Stewart <js...@pivotal.io>
Date:   2016-10-10T23:59:07Z

    GEODE-1966: Unauthorized users cannot access pulseVersion details

commit 655f2286efe3218f419b614d9e4ceb15c6cfe505
Author: Jared Stewart <js...@pivotal.io>
Date:   2016-10-11T01:48:01Z

    GEODE-1532: Fix Pulse Clickjacking vuln.

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-geode pull request #256: Feature/geode 1532

Posted by jaredjstewart <gi...@git.apache.org>.

Github user jaredjstewart commented on a diff in the pull request:

    https://github.com/apache/incubator-geode/pull/256#discussion_r83038180
  
    --- Diff: geode-pulse/src/main/webapp/WEB-INF/spring-security.xml ---
    @@ -20,15 +20,14 @@
     	xmlns:context="http://www.springframework.org/schema/context"
     	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     	xsi:schemaLocation="http://www.springframework.org/schema/beans
    -	http://www.springframework.org/schema/beans/spring-beans.xsd
    +	http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
    --- End diff --
    
    Sorry, didn't mean to commit this change.  I added it back in during development because Intellij don't property resolve the schema for me without the version.  Do you have this problem?  (Elements like `<headers>` are red in intellij without the version).


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-geode pull request #256: Feature/geode 1532

Posted by jinmeiliao <gi...@git.apache.org>.

Github user jinmeiliao commented on a diff in the pull request:

    https://github.com/apache/incubator-geode/pull/256#discussion_r82900400
  
    --- Diff: geode-pulse/src/main/webapp/WEB-INF/spring-security.xml ---
    @@ -20,15 +20,14 @@
     	xmlns:context="http://www.springframework.org/schema/context"
     	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
     	xsi:schemaLocation="http://www.springframework.org/schema/beans
    -	http://www.springframework.org/schema/beans/spring-beans.xsd
    +	http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
    --- End diff --
    
    We should use versionless xsd.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-geode pull request #256: Feature/geode 1532

Posted by jaredjstewart <gi...@git.apache.org>.

Github user jaredjstewart commented on a diff in the pull request:

    https://github.com/apache/incubator-geode/pull/256#discussion_r83038809
  
    --- Diff: geode-pulse/build.gradle ---
    @@ -68,6 +68,11 @@ dependencies {
       testCompile project(':geode-core')
       testCompile files(project(':geode-core').sourceSets.test.output)
     
    +  testCompile(group: 'com.codeborne', name: 'phantomjsdriver', version: project.'phantomjsdriver.version') {
    +      exclude module: 'selenium-remote-driver' //by artifact name
    +      exclude module: 'selenium-java' //by artifact name
    +  }
    +
       testCompile 'org.seleniumhq.selenium:selenium-firefox-driver:' + project.'selenium.version'
    --- End diff --
    
    Thanks for catching this, I pushed a change to fix it and the schema versions.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-geode pull request #256: Feature/geode 1532

Posted by jinmeiliao <gi...@git.apache.org>.

Github user jinmeiliao commented on a diff in the pull request:

    https://github.com/apache/incubator-geode/pull/256#discussion_r82900331
  
    --- Diff: geode-pulse/build.gradle ---
    @@ -68,6 +68,11 @@ dependencies {
       testCompile project(':geode-core')
       testCompile files(project(':geode-core').sourceSets.test.output)
     
    +  testCompile(group: 'com.codeborne', name: 'phantomjsdriver', version: project.'phantomjsdriver.version') {
    +      exclude module: 'selenium-remote-driver' //by artifact name
    +      exclude module: 'selenium-java' //by artifact name
    +  }
    +
       testCompile 'org.seleniumhq.selenium:selenium-firefox-driver:' + project.'selenium.version'
    --- End diff --
    
    If we are not using firefox driver anymore, we can take this out.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] incubator-geode pull request #256: Feature/geode 1532

Posted by asfgit <gi...@git.apache.org>.

Github user asfgit closed the pull request at:

    https://github.com/apache/incubator-geode/pull/256


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---