Fixes CSRF error on JI password reset #4498
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
zenmonkeykstop
requested review from
heartsucker,
kushaldas and
redshiftzero
as code owners
redshiftzero
approved these changes
Jun 3, 2019
There was a problem hiding this comment.
thank you @zenmonkeykstop! regression coverage here looks good (just tested via removing the fix and ensuring tests fail) and I tested the fix previously in #4463
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Status
Ready for review
Description of Changes
Fixes #4463
Changes proposed in this pull request:
Restores CSRF hidden field in Journalist Interface password reset form, enables CSRF for functional tests to guard against future regressions.
Testing
In a staging environment:
Deployment
No special requirements for deployment, will be part of app build.
Checklist
If you made changes to the server application code:
make lint) and tests (make -C securedrop test) pass in the development container