[PATCH 0/1] Call csrf function in all pages to ensure cookie is sent

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH 0/1] Call csrf function in all pages to ensure cookie is sent
@ 2015-08-18 22:10 brian avery
  2015-08-18 22:11 ` [PATCH 1/1] bitbake: toastergui: " brian avery
  0 siblings, 1 reply; 6+ messages in thread
From: brian avery @ 2015-08-18 22:10 UTC (permalink / raw)
  To: bitbake-devel

Simple addition of cross site request forgery protection to base page so it is inherited everywhere.

The following changes since commit c348fa50186fb0796bc7b793c4b8d710419f2a0d:

  bitbake: toaster: move code from setup_lv_tests to setUp (2015-08-17 14:41:45 +0100)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib bavery/submit/michaelw/20150817_csrf_added_base
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=bavery/submit/michaelw/20150817_csrf_added_base

Michael Wood (1):
  bitbake: toastergui: Call csrf function in all pages to ensure cookie
    is sent

 lib/toaster/toastergui/templates/base.html | 1 +
 1 file changed, 1 insertion(+)

-- 
1.9.1



^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH 1/1] bitbake: toastergui: Call csrf function in all pages to ensure cookie is sent
  2015-08-18 22:10 [PATCH 0/1] Call csrf function in all pages to ensure cookie is sent brian avery
@ 2015-08-18 22:11 ` brian avery
  2015-08-19  1:41   ` Christopher Larson
  0 siblings, 1 reply; 6+ messages in thread
From: brian avery @ 2015-08-18 22:11 UTC (permalink / raw)
  To: bitbake-devel

From: Michael Wood <michael.g.wood@intel.com>

Not all pages call the csrf token template function so django does not
bother to send the cookike, this meant that all subsequent ajax calls
fail. So add this to the base template.

[YOCTO #8175]

Signed-off-by: Michael Wood <michael.g.wood@intel.com>
Signed-off-by: brian avery <avery.brian@gmail.com>
---
 lib/toaster/toastergui/templates/base.html | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/toaster/toastergui/templates/base.html b/lib/toaster/toastergui/templates/base.html
index d75bf16..f187100 100644
--- a/lib/toaster/toastergui/templates/base.html
+++ b/lib/toaster/toastergui/templates/base.html
@@ -69,6 +69,7 @@
 
 <body style="height: 100%">
 
+  {% csrf_token %}
   <div id="loading-notification" class="alert lead text-center" style="display:none">
     Loading <i class="fa-pulse icon-spinner"></i>
   </div>
-- 
1.9.1



^ permalink raw reply related	[flat|nested] 6+ messages in thread

* Re: [PATCH 1/1] bitbake: toastergui: Call csrf function in all pages to ensure cookie is sent
  2015-08-18 22:11 ` [PATCH 1/1] bitbake: toastergui: " brian avery
@ 2015-08-19  1:41   ` Christopher Larson
  2015-08-19 14:14     ` Brian Avery
  0 siblings, 1 reply; 6+ messages in thread
From: Christopher Larson @ 2015-08-19  1:41 UTC (permalink / raw)
  To: brian avery; +Cc: bitbake-devel@lists.openembedded.org

[-- Attachment #1: Type: text/plain, Size: 740 bytes --]

On Tue, Aug 18, 2015 at 3:11 PM, brian avery <avery.brian@gmail.com> wrote:

> From: Michael Wood <michael.g.wood@intel.com>
>
> Not all pages call the csrf token template function so django does not
> bother to send the cookike, this meant that all subsequent ajax calls
> fail. So add this to the base template.
>
> [YOCTO #8175]
>
> Signed-off-by: Michael Wood <michael.g.wood@intel.com>
> Signed-off-by: brian avery <avery.brian@gmail.com>
>

Patches sent to bitbake-devel shouldn't have the 'bitbake:' commit subject
prefix, that's only appropriate in poky.
-- 
Christopher Larson
clarson at kergoth dot com
Founder - BitBake, OpenEmbedded, OpenZaurus
Maintainer - Tslib
Senior Software Engineer, Mentor Graphics

[-- Attachment #2: Type: text/html, Size: 1316 bytes --]

^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH 1/1] bitbake: toastergui: Call csrf function in all pages to ensure cookie is sent
  2015-08-19  1:41   ` Christopher Larson
@ 2015-08-19 14:14     ` Brian Avery
  2015-08-19 17:00       ` Richard Purdie
  0 siblings, 1 reply; 6+ messages in thread
From: Brian Avery @ 2015-08-19 14:14 UTC (permalink / raw)
  To: Christopher Larson; +Cc: bitbake-devel@lists.openembedded.org

Noted for the future, sorry. Figured my 1st time would be entertaining :).

Should I resubmit?

-bavery

On Tue, Aug 18, 2015 at 6:41 PM, Christopher Larson <clarson@kergoth.com> wrote:
> On Tue, Aug 18, 2015 at 3:11 PM, brian avery <avery.brian@gmail.com> wrote:
>>
>> From: Michael Wood <michael.g.wood@intel.com>
>>
>> Not all pages call the csrf token template function so django does not
>> bother to send the cookike, this meant that all subsequent ajax calls
>> fail. So add this to the base template.
>>
>> [YOCTO #8175]
>>
>> Signed-off-by: Michael Wood <michael.g.wood@intel.com>
>> Signed-off-by: brian avery <avery.brian@gmail.com>
>
>
> Patches sent to bitbake-devel shouldn't have the 'bitbake:' commit subject
> prefix, that's only appropriate in poky.
> --
> Christopher Larson
> clarson at kergoth dot com
> Founder - BitBake, OpenEmbedded, OpenZaurus
> Maintainer - Tslib
> Senior Software Engineer, Mentor Graphics


^ permalink raw reply	[flat|nested] 6+ messages in thread

* Re: [PATCH 1/1] bitbake: toastergui: Call csrf function in all pages to ensure cookie is sent
  2015-08-19 14:14     ` Brian Avery
@ 2015-08-19 17:00       ` Richard Purdie
  0 siblings, 0 replies; 6+ messages in thread
From: Richard Purdie @ 2015-08-19 17:00 UTC (permalink / raw)
  To: Brian Avery; +Cc: Christopher Larson, bitbake-devel@lists.openembedded.org

On Wed, 2015-08-19 at 07:14 -0700, Brian Avery wrote:
> Noted for the future, sorry. Figured my 1st time would be entertaining :).
> 
> Should I resubmit?

Er, I thought we already discussed this and you already did? There is
another version of the patch on the list...

Cheers,

Richard



^ permalink raw reply	[flat|nested] 6+ messages in thread

* [PATCH 0/1] Call csrf function in all pages to ensure cookie is sent
@ 2015-08-18 22:32 brian avery
  0 siblings, 0 replies; 6+ messages in thread
From: brian avery @ 2015-08-18 22:32 UTC (permalink / raw)
  To: bitbake-devel

Simple addition of cross site request forgery protection to base page so it is inherited everywhere.

The following changes since commit c348fa50186fb0796bc7b793c4b8d710419f2a0d:

  bitbake: toaster: move code from setup_lv_tests to setUp (2015-08-17 14:41:45 +0100)

are available in the git repository at:

  git://git.yoctoproject.org/poky-contrib bavery/submit/michaelw/20150817_csrf_added_base
  http://git.yoctoproject.org/cgit.cgi/poky-contrib/log/?h=bavery/submit/michaelw/20150817_csrf_added_base

Michael Wood (1):
  toastergui: Call csrf function in all pages to ensure cookie is sent

 lib/toaster/toastergui/templates/base.html | 1 +
 1 file changed, 1 insertion(+)

-- 
1.9.1



^ permalink raw reply	[flat|nested] 6+ messages in thread

end of thread, other threads:[~2015-08-19 17:01 UTC | newest]

Thread overview: 6+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2015-08-18 22:10 [PATCH 0/1] Call csrf function in all pages to ensure cookie is sent brian avery
2015-08-18 22:11 ` [PATCH 1/1] bitbake: toastergui: " brian avery
2015-08-19  1:41   ` Christopher Larson
2015-08-19 14:14     ` Brian Avery
2015-08-19 17:00       ` Richard Purdie
  -- strict thread matches above, loose matches on Subject: below --
2015-08-18 22:32 [PATCH 0/1] " brian avery

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.