cloudstack-dev mailing list archives

From Erik Weber <terbol...@gmail.com>
Subject Re: [GitHub] cloudstack pull request: Reinstate working sessions in browser
Date Wed, 27 May 2015 06:21:05 GMT
Thanks for filling in the blanks Rajani!

-- 
Erik

On Wed, May 27, 2015 at 7:32 AM, Rajani Karuturi <rajani@apache.org> wrote:

> On Wed, May 27, 2015 at 3:23 AM, Erik Weber <terbolous@gmail.com> wrote:
>
> > This is a perfect example of why we should use Jira for (almost all)
> > commits.
> >
> > We know what this commit does, but we have to guess why it was done this
> > way.
> > And we don't know how to reproduce the original issue.
> >
> > It references what I believe to be an internal Citrix Jira/tracking#, so if
> > anyone that works at Citrix could check this it would be great
> >
>
> CLOUDSTACK-5242 is the ACS issue id for this (accessible only to security
> list)
>
> The commit was done by Jessica for CloudPlatform and the patch was provided
> to ACS by another colleague in her absence (she is no longer with Citrix)
> and is committed by Rohit.
> Maybe that's the reason for wrong issue ids as the author didn't share the
> patch.
>
> This was discussed on the security list. This is the last comment I see
> about it
>
> "
> On Fri, Mar 13, 2015 at 8:21 PM, Demetrius Tsitrelis
> <dtsitrelis@live.com> wrote:
> > https://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project is a JavaEE
> > filter.  It simply rewrites AJAX requests to contain the CSRF protection
> > token as a header. This would not require the code changes as does Jessica's
> > patch and it would leave the existing session key value in place so as not
> > to affect the UI.
> "
>
> ~ Rajani
>
>
> >
> > --
> > Erik
> >
> > On Tue, May 26, 2015 at 11:39 PM, rsafonseca <git@git.apache.org> wrote:
> >
> > > GitHub user rsafonseca opened a pull request:
> > >
> > >     https://github.com/apache/cloudstack/pull/308
> > >
> > >     Reinstate working sessions in browser
> > >
> > >     I've seen that session persistence stopped working due to
> > >     https://github.com/apache/cloudstack/commit/19e3c0168e744a76b5e1dc24a5eafa776d342404
> > >     From what I could gather from the comments, this was done to fix issue
> > > where separate instances of management servers could exist within the same
> > > domain.
> > >     I've fixed the above mentioned issue by prepending the location's
> > > hostname, in order to allow both sessions to co-exist without clashing.
> > >     This also removes the need for this fix
> > >     https://github.com/apache/cloudstack/commit/6c71d3bae1a3a72a9fa4004decdba4a7174f6913
> > >
> > > You can merge this pull request into a Git repository by running:
> > >
> > >     $ git pull https://github.com/rsafonseca/cloudstack fixsessions
> > >
> > > Alternatively you can review and apply these changes as the patch at:
> > >
> > >     https://github.com/apache/cloudstack/pull/308.patch
> > >
> > > To close this pull request, make a commit to your master/trunk branch
> > > with (at least) the following in the commit message:
> > >
> > >     This closes #308
> > >
> > > ----
> > > commit ef4a2f6c592a911dc12c63ef30ed3028ce56e2da
> > > Author: Rafael da Fonseca <rsafonseca@gmail.com>
> > > Date:   2015-05-26T21:29:11Z
> > >
> > >     Reinstate working sessions in browser while fixing same domain
> > > different instance issue
> > >
> > > ----
> > >
> > >
> > > ---
> > > If your project is set up for it, you can reply to this email and have your
> > > reply appear on GitHub as well. If your project does not have this feature
> > > enabled and wishes so, or if the feature is enabled but not working, please
> > > contact infrastructure at infrastructure@apache.org or file a JIRA ticket
> > > with INFRA.
> > > ---
> > >
> >
>
