Issue 590 - Implement CSRF protection #594
Conversation
| @@ -18,6 +18,12 @@ parts += | |||
| rebuild_i18n-sh | |||
| robot | |||
|
|
|||
| eggs += | |||
There was a problem hiding this comment.
@rodfersou please remove from here
| @@ -66,3 +72,7 @@ scripts = | |||
| coverage = | |||
| # use latest version of setuptools | |||
| setuptools = | |||
| plone.keyring = 3.0.1 | |||
There was a problem hiding this comment.
@rodfersou if needed, this should be included in versions-4.3.x.cfg instead
| @@ -18,6 +18,9 @@ parts += | |||
| rebuild_i18n-sh | |||
| robot | |||
|
|
|||
| test-eggs += | |||
| plone4.csrffixes | |||
|
|
|||
There was a problem hiding this comment.
@hvelarde should I run this just in 4.3 version? If so, I need to figure out when CSRF is enabled into RF test.
There was a problem hiding this comment.
@rodfersou no, we have to test this in all Plone versions supported by the package; figuring out how is the hard part.
There was a problem hiding this comment.
ok, then I'll replicate the pins into all versions 4.x files
rodfersou
force-pushed
the
issue_590
branch
4 times, most recently
from
37bac47 to
faf6008
Compare
|
@hvelarde finally green |
| @@ -18,6 +18,9 @@ parts += | |||
| rebuild_i18n-sh | |||
| robot | |||
|
|
|||
| test-eggs += | |||
There was a problem hiding this comment.
@rodfersou this should be added on a version basis also or we will end with the package installed in Plone 5
|
@idgserpro comments? |
rodfersou
force-pushed
the
issue_590
branch
4 times, most recently
from
38866d8 to
24264e1
Compare
idgserpro
force-pushed
the
issue_590
branch
5 times, most recently
from
3b54d43 to
5cdea1c
Compare
idgserpro
force-pushed
the
issue_590
branch
4 times, most recently
from
c21e49d to
f4711a1
Compare
idgserpro
force-pushed
the
issue_590
branch
2 times, most recently
from
d10d4b2 to
64fa546
Compare
idgserpro
force-pushed
the
issue_590
branch
5 times, most recently
from
b24c711 to
ed518b9
Compare
Fix some broken builds: https://travis-ci.org/collective/collective.cover/builds/128352379 https://travis-ci.org/collective/collective.cover/builds/128367247 https://travis-ci.org/collective/collective.cover/builds/128375390 Errors: KEYWORD BuiltIn . Sleep 2s, Wait for content tree to load Documentation: Pauses the test executed for the given time. Start / End / Elapsed: 20160418 15:49:18.810 / 20160418 15:49:20.813 / 00:00:02.003 15:49:20.812 INFO Slept 2 seconds 15:49:20.812 INFO Wait for content tree to load 00:00:00.581KEYWORD Selenium2Library . Input Text css=#content-trees input, file Documentation: Types the given `text` into text field identified by `locator`. Start / End / Elapsed: 20160418 15:49:20.813 / 20160418 15:49:21.394 / 00:00:00.581 00:00:00.060KEYWORD Selenium2Library . Capture Page Screenshot 15:49:20.814 INFO Typing text 'file' into text field 'css=#content-trees input' 15:49:21.394 FAIL ElementNotVisibleException: Message: Element is not currently visible and so may not be interacted with
In essence, this is needed for Plone 5 only. Plone 4 installations that have plone4.csrffixes and plone.protect >= 3.0.x don't need it. Check plone/plone.protect#42 for mode details.
|
The authenticator is only necessary in Plone 5. See: |
|
@idgserpro please restore the branch and reopen the PR; this is work that will need to be retaken at some point in the future; makes no harm to have it here. |
|
protect.js was added in plone.protect: |
closes #590