SIDM-4178 Fix reverse tabnabbing vulnerability. #441

Merged
2 commits merged into from
Aug 19, 2020

Conversation

ghost

@ghost ghost commented Aug 19, 2020

https://tools.hmcts.net/jira/browse/SIDM-4178

Change description

Fix reverse tabnabbing vulnerability.

Does this PR introduce a breaking change? (check one with "x")

[ ] Yes
[x] No

@ghost ghost requested a review from shravanmechineni August 19, 2020 08:22
@jenkins-reform-hmcts jenkins-reform-hmcts temporarily deployed to preview August 19, 2020 08:58 Inactive
@sonarqubecloud

Kudos, SonarCloud Quality Gate passed!

Bugs: 0 (rating A)
Vulnerabilities: 0 (rating A); Security Hotspots to review: 0
Code Smells: 0 (rating A)

Coverage: 87.5%
Duplication: 0.0%

@jenkins-reform-hmcts jenkins-reform-hmcts temporarily deployed to preview August 19, 2020 10:10 Inactive
@ghost ghost merged commit 2ab437e into preview Aug 19, 2020
ghost pushed a commit that referenced this pull request Aug 20, 2020
* SIDM-4413 SIDM-4414 SIDM-4416 Welsh translations for SSO messages. (#439)

* SIDM-4178 Fix reverse tabnabbing vulnerability. (#441)

Co-authored-by: Shravan Mechineni <shravanmechineni5@gmail.com>

* SIDM-4641 sso feature flag (#440)

* SIDM-4641 Disable SSO login button when the feature flag is off.

* SIDM-4641 Unit test fix.

* SIDM-4641 Make the SSO feature flag controlled by an env variable.

* SIDM-4641 Rename the injected env variable.

* Update src/main/resources/application.yaml

Co-authored-by: tbamido <50667636+tbamido@users.noreply.github.com>

Co-authored-by: tbamido <50667636+tbamido@users.noreply.github.com>

* Ignore checked pa11y warnings. (#443)

* Sidm 4178 zapscanner issues (#444)

* SIDM-4178 Add base url tag to eliminate issues with relative URLs.

* SIDM-4178 Add new interceptor rejecting TRACE and OPTIONS http method in conjunction with Max-Forwards http header.

* SIDM-4178 Add test code coverage.

* SIDM-4178 Fix an issue with an incorrect password reset relative url.

* SIDM-4178 Fix an issue with an incorrect user activation relative url + Sonar.

Co-authored-by: Shravan Mechineni <shravanmechineni5@gmail.com>
Co-authored-by: tbamido <50667636+tbamido@users.noreply.github.com>
Co-authored-by: dfourn <daniel.patynski@amido.com>
@jburke-idam jburke-idam deleted the SIDM-4178-reverse-tabnabbing branch December 11, 2020 16:58
This pull request was closed.