You are viewing a plain text version of this content. The canonical link for it is here.

Posted to notifications@couchdb.apache.org by robertkowalski <gi...@git.apache.org> on 2015/08/12 20:29:09 UTC

[GitHub] couchdb-fauxton pull request: Add CSRF indicator

GitHub user robertkowalski opened a pull request:

    https://github.com/apache/couchdb-fauxton/pull/497

    Add CSRF indicator

    includes a lot of refactoring and bug fixes, click on each commit for less noise in the diff :)
    
    
    main patch: 
    
    ```
    adds a small indicator to the sidebar if we are protected
    against CSRF.
    
    to test, comment `res.setHeader('x-couchdb-csrf-valid', 'true');`
    in `tasks/couchserver.js` and browse without logging into fauxton
    
    we have to modify the dev-server to test as the dev-version of
    fauxton fetches the html templates through it with ajax, which is
    disturbing for the detection.
    
    this closes COUCHDB-2769
    ```

You can merge this pull request into a Git repository by running:

    $ git pull https://github.com/robertkowalski/couchdb-fauxton csrf-indicator

Alternatively you can review and apply these changes as the patch at:

    https://github.com/apache/couchdb-fauxton/pull/497.patch

To close this pull request, make a commit to your master/trunk branch
with (at least) the following in the commit message:

    This closes #497
    
----
commit a6a52a51a5c486deacbcb785c093c9705af21838
Author: Robert Kowalski <ro...@apache.org>
Date:   2015-08-12T17:34:03Z

    fix removeHeaderLink function
    
    `_.first` returns the first element of an array.

commit 5f380c9c0e3053ff3f776ac704a520c80f2f0fe6
Author: Robert Kowalski <ro...@apache.org>
Date:   2015-08-12T17:35:18Z

    Refactor code
    
     - use early returns
     - fix formatting

commit 018d967b76ea47243845dfa674bc3c0d1545b0db
Author: Robert Kowalski <ro...@apache.org>
Date:   2015-08-12T18:22:41Z

    refactor navbar rendering

commit 9d84a5be602637f7827aa9dd46a425398086ee64
Author: Robert Kowalski <ro...@apache.org>
Date:   2015-08-12T18:23:41Z

    csrf: add CSRF indicator
    
    adds a small indicator to the sidebar if we are protected
    against CSRF.
    
    to test, comment `res.setHeader('x-couchdb-csrf-valid', 'true');`
    in `tasks/couchserver.js` and browse without logging into fauxton
    
    we have to modify the dev-server to test as the dev-version of
    fauxton fetches the html templates through it with ajax, which is
    disturbing for the detection.
    
    this closes COUCHDB-2769

----


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] couchdb-fauxton pull request: Add CSRF indicator

Posted by robertkowalski <gi...@git.apache.org>.

Github user robertkowalski commented on the pull request:

    https://github.com/apache/couchdb-fauxton/pull/497#issuecomment-131401426
  
    merged


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] couchdb-fauxton pull request: Add CSRF indicator

Posted by garrensmith <gi...@git.apache.org>.

Github user garrensmith commented on the pull request:

    https://github.com/apache/couchdb-fauxton/pull/497#issuecomment-130683765
  
    +1 once the tests pass.


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---

[GitHub] couchdb-fauxton pull request: Add CSRF indicator

Posted by robertkowalski <gi...@git.apache.org>.

Github user robertkowalski closed the pull request at:

    https://github.com/apache/couchdb-fauxton/pull/497


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastructure@apache.org or file a JIRA ticket
with INFRA.
---