Page MenuHomePhabricator
Create Task
Maniphest T365182

MPIC - Add double-submit cookie when launching a new instrument
Open, Needs TriagePublic3 Estimated Story Points
Actions

Description

Description

To prevent Cross-Site Request Forgery we need to add a double-submit cookie when sending the POST to launch a new instrument.

Acceptance Criteria

  • Validate the double-submit cookie. If the double-submit cookie is invalid, then clear the session cookie and redirect to GET /. Otherwise, continue processing the request.

Required

  • Unit/Integration tests
  • Testing instructions
  • Documentation

Notes

https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#signed-double-submit-cookie-recommended

Details

TitleReferenceAuthorSource BranchDest Branch
Added double-submit cookie and some other login related improvementsrepos/data-engineering/mpic!32sfaciT365182-double-submit-cookiemain
Customize query in GitLab

Related Objects

Event Timeline

Sfaci created this task.Thu, May 16, 4:44 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptThu, May 16, 4:44 PM
Sfaci edited projects, added Data Products (Data Products Sprint 13); removed Data Products.Thu, May 16, 4:46 PM
Sfaci mentioned this in T360734: [User Story] Build the MPIC API endpoints - POST.Thu, May 16, 4:49 PM
cjming moved this task from Backlog to Metrics Platform Instrument Configurator on the Metrics Platform Backlog board.Mon, May 20, 7:25 PM
Sfaci set the point value for this task to 3.Mon, May 20, 7:37 PM
Sfaci moved this task from Sprint Backlog to In Process on the Data Products (Data Products Sprint 13) board.Wed, May 22, 6:20 PM
Sfaci claimed this task.Thu, May 23, 8:19 AM
WDoranWMF moved this task from In Process to wormhole to Sprint 14 on the Data Products (Data Products Sprint 13) board.Mon, May 27, 3:54 PM
WDoranWMF edited projects, added Data Products (Data Products Sprint 14); removed Data Products (Data Products Sprint 13).
WDoranWMF moved this task from Sprint Backlog to In Process on the Data Products (Data Products Sprint 14) board.
Sfaci moved this task from In Process to Paused on the Data Products (Data Products Sprint 14) board.Wed, May 29, 10:45 AM
Sfaci moved this task from Paused to In Process on the Data Products (Data Products Sprint 14) board.Wed, May 29, 12:54 PM
Sfaci moved this task from In Process to Code Review / Tech Input on the Data Products (Data Products Sprint 14) board.Thu, May 30, 2:38 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL