Plume/Plume
9
18
Fork 24
Code Issues 177 Pull requests 8 Releases 8 Wiki Activity

Use LenientForm instead Form for CSRF protected pages #751

Merged
KitaitiMakoto merged 1 commit from csrf-token-in-form into master 2020-04-18 09:45:29 +00:00
Conversation 2 Commits 1 Files changed 1 +3 -3
KitaitiMakoto commented 2020-04-17 22:04:25 +00:00 (Migrated from github.com)
Copy link

Hi,

I found that password reset request(POST /password-reset) and password reset(POST /password-reset/<token>) cause 422 Unprocessable Entity because Plume attempts to parse csrf-token in form to model fields. Using LenientForm instead of Form solved this problem.

Hi, I found that password reset request(`POST /password-reset`) and password reset(`POST /password-reset/<token>`) cause 422 Unprocessable Entity because Plume attempts to parse `csrf-token` in form to model fields. Using `LenientForm` instead of `Form` solved this problem.
codecov[bot] commented 2020-04-17 22:33:34 +00:00 (Migrated from github.com)
Copy link

Codecov Report

Merging #751 into master will decrease coverage by 0.01%.
The diff coverage is 0.00%.

@@            Coverage Diff             @@
##           master     #751      +/-   ##
==========================================
- Coverage   39.01%   39.00%   -0.02%     
==========================================
  Files          73       73              
  Lines        9699     9699              
  Branches     2229     2229              
==========================================
- Hits         3784     3783       -1     
+ Misses       4787     4753      -34     
- Partials     1128     1163      +35
# [Codecov](https://codecov.io/gh/Plume-org/Plume/pull/751?src=pr&el=h1) Report > Merging [#751](https://codecov.io/gh/Plume-org/Plume/pull/751?src=pr&el=desc) into [master](https://codecov.io/gh/Plume-org/Plume/commit/c217e5e9b342304740623a4e9a8c3f189cea6f1c&el=desc) will **decrease** coverage by `0.01%`. > The diff coverage is `0.00%`. ```diff @@ Coverage Diff @@ ## master #751 +/- ## ========================================== - Coverage 39.01% 39.00% -0.02% ========================================== Files 73 73 Lines 9699 9699 Branches 2229 2229 ========================================== - Hits 3784 3783 -1 + Misses 4787 4753 -34 - Partials 1128 1163 +35 ```
elegaanz (Migrated from github.com) approved these changes 2020-04-18 09:45:23 +00:00
elegaanz (Migrated from github.com) left a comment
Copy link

Thanks :)

Thanks :)
KitaitiMakoto commented 2020-04-18 09:49:08 +00:00 (Migrated from github.com)
Copy link

Thank you for meeting!

Thank you for meeting!
Sign in to join this conversation.
Reviewers
No reviewers
elegaanz
Labels
Clear labels   
A: API

Related to the REST API

  
A: Backend

Code running on the server

  
A: Federation

Stuff related to Federation

  
A: Front-End

Related to the front-end

  
A: I18N

Translations, and related code

  
A: Meta

More about project management or code than the project itself

  
A: Security

   
Build

The building, or installation process of Plume

  
C: Bug

Something isn't working

  
C: Discussion

We need to talk

  
C: Enhancement

New feature or request

  
C: Feature

This is a new feature

  
Compatibility

Compatibility with different browsers, readers and OS

  
Dependency

Related to an external package that Plume uses

  
Design

UI/UX related issues and PRs

  
Documentation

   
Good first issue

Good for newcomers

  
Help welcome

Extra attention is needed

  
Mobile

Issues affecting only mobile UX

  
Rendering

How elements're rendered out for the end user

  
S: Blocked

Something else needs to be fixed first

  
S: Duplicate

This issue or pull request already exists

  
S: Incomplete

This PR is not complete yet

  
S: Instance specific

Issues concern a limited number of instances

  
S: Invalid

This doesn't seem right

  
S: Needs Voting/Discussion

Need to be discussed by the community (on Loomio)

  
S: Ready for review

This PR is ready to be reviewed

  
Suggestion

Proposed ideas worth considering

  
S: Voted on Loomio

This is issue has been created after a vote on Loomio

  
S: Wontfix

This will not be worked on

No labels
A: API
A: Backend
A: Federation
A: Front-End
A: I18N
A: Meta
A: Security
Build
C: Bug
C: Discussion
C: Enhancement
C: Feature
Compatibility
Dependency
Design
Documentation
Good first issue
Help welcome
Mobile
Rendering
S: Blocked
S: Duplicate
S: Incomplete
S: Instance specific
S: Invalid
S: Needs Voting/Discussion
S: Ready for review
Suggestion
S: Voted on Loomio
S: Wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: Plume/Plume#751
No description provided.
Delete branch "csrf-token-in-form"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?