Plume
/
Plume
8
16
Fork 22
Code Issues 174 Pull Requests 8 Releases 8 Wiki Activity

Labels Milestones

Use LenientForm instead Form for CSRF protected pages #751

Merged
KitaitiMakoto merged 1 commits from csrf-token-in-form into master 4 years ago
Conversation 2 Commits 1 Files Changed 1
KitaitiMakoto commented 4 years ago (Migrated from github.com)

Hi,

I found that password reset request(POST /password-reset) and password reset(POST /password-reset/<token>) cause 422 Unprocessable Entity because Plume attempts to parse csrf-token in form to model fields. Using LenientForm instead of Form solved this problem.

Hi, I found that password reset request(`POST /password-reset`) and password reset(`POST /password-reset/<token>`) cause 422 Unprocessable Entity because Plume attempts to parse `csrf-token` in form to model fields. Using `LenientForm` instead of `Form` solved this problem.
codecov[bot] commented 4 years ago (Migrated from github.com)

Codecov Report

Merging #751 into master will decrease coverage by 0.01%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master     #751      +/-   ##
==========================================
- Coverage   39.01%   39.00%   -0.02%     
==========================================
  Files          73       73              
  Lines        9699     9699              
  Branches     2229     2229              
==========================================
- Hits         3784     3783       -1     
+ Misses       4787     4753      -34     
- Partials     1128     1163      +35
# [Codecov](https://codecov.io/gh/Plume-org/Plume/pull/751?src=pr&el=h1) Report > Merging [#751](https://codecov.io/gh/Plume-org/Plume/pull/751?src=pr&el=desc) into [master](https://codecov.io/gh/Plume-org/Plume/commit/c217e5e9b342304740623a4e9a8c3f189cea6f1c&el=desc) will **decrease** coverage by `0.01%`. > The diff coverage is `0.00%`. ```diff @@ Coverage Diff @@ ## master #751 +/- ## ========================================== - Coverage 39.01% 39.00% -0.02% ========================================== Files 73 73 Lines 9699 9699 Branches 2229 2229 ========================================== - Hits 3784 3783 -1 + Misses 4787 4753 -34 - Partials 1128 1163 +35 ```
elegaanz (Migrated from github.com) approved these changes 4 years ago
elegaanz (Migrated from github.com) left a comment

Thanks :)

Thanks :)
KitaitiMakoto commented 4 years ago (Migrated from github.com)

Thank you for meeting!

Thank you for meeting!

Reviewers

elegaanz
The pull request has been merged as 71e0a35e06.
You can also view command line instructions.

Step 1:

From your project repository, check out a new branch and test the changes.
git checkout -b csrf-token-in-form master
git pull origin csrf-token-in-form

Step 2:

Merge the changes and update on Forgejo.
git checkout master
git merge --no-ff csrf-token-in-form
git push origin master
Sign in to join this conversation.
Reviewers
Request review
No reviewers
elegaanz
Labels
Apply labels
Clear labels   
A: API

Related to the REST API   
A: Backend

Code running on the server   
A: Federation

Stuff related to Federation   
A: Front-End

Related to the front-end   
A: I18N

Translations, and related code   
A: Meta

More about project management or code than the project itself   
A: Security
   
Build

The building, or installation process of Plume   
C: Bug

Something isn't working   
C: Discussion

We need to talk   
C: Enhancement

New feature or request   
C: Feature

This is a new feature   
Compatibility

Compatibility with different browsers, readers and OS   
Dependency

Related to an external package that Plume uses   
Design

UI/UX related issues and PRs   
Documentation
   
Good first issue

Good for newcomers   
Help welcome

Extra attention is needed   
Mobile

Issues affecting only mobile UX   
Rendering

How elements're rendered out for the end user   
S: Blocked

Something else needs to be fixed first   
S: Duplicate

This issue or pull request already exists   
S: Incomplete

This PR is not complete yet   
S: Instance specific

Issues concern a limited number of instances   
S: Invalid

This doesn't seem right   
S: Needs Voting/Discussion

Need to be discussed by the community (on Loomio)   
S: Ready for review

This PR is ready to be reviewed   
Suggestion

Proposed ideas worth considering   
S: Voted on Loomio

This is issue has been created after a vote on Loomio   
S: Wontfix

This will not be worked on
No Label
A: API
A: Backend
A: Federation
A: Front-End
A: I18N
A: Meta
A: Security
Build
C: Bug
C: Discussion
C: Enhancement
C: Feature
Compatibility
Dependency
Design
Documentation
Good first issue
Help welcome
Mobile
Rendering
S: Blocked
S: Duplicate
S: Incomplete
S: Instance specific
S: Invalid
S: Needs Voting/Discussion
S: Ready for review
Suggestion
S: Voted on Loomio
S: Wontfix
Milestone
Set milestone
Clear milestone
No items
No Milestone
Assignees
Assign users
Clear assignees
No Assignees
1 Participants
Notifications
Due Date
The due date is invalid or out of range. Please use the format 'yyyy-mm-dd'.

No due date set.

Dependencies

No dependencies set.

Reference: Plume/Plume#751
Write Preview
Loading…
Cancel
Save
There is no content yet.
Delete Branch 'csrf-token-in-form'

Deleting a branch is permanent. It CANNOT be undone. Continue?

No
Yes