[Nix-commits] [NixOS/hydra] bbe45e: Remove Persona support

Eelco Dolstra Thu, 20 Oct 2016 07:40:16 -0700

  Branch: refs/heads/master
  Home:   https://github.com/NixOS/hydra
  Commit: bbe45ed8443d49bec45f333ed210ee127cb667e6
      
https://github.com/NixOS/hydra/commit/bbe45ed8443d49bec45f333ed210ee127cb667e6
  Author: Eelco Dolstra <edols...@gmail.com>
  Date:   2016-10-20 (Thu, 20 Oct 2016)


  Changed paths:
    M src/lib/Hydra/Controller/Root.pm
    M src/lib/Hydra/Controller/User.pm
    M src/root/auth.tt
    M src/root/layout.tt
    M src/root/topbar.tt
    M src/script/hydra-create-user
    M src/sql/hydra.sql

  Log Message:
  -----------
  Remove Persona support

Persona is no longer supported by Mozilla, so let's remove it.


  Commit: c928c41ee1f15776df85551c8df918643e5717bd
      
https://github.com/NixOS/hydra/commit/c928c41ee1f15776df85551c8df918643e5717bd
  Author: Eelco Dolstra <edols...@gmail.com>
  Date:   2016-10-20 (Thu, 20 Oct 2016)

  Changed paths:
    M src/lib/Hydra/Controller/Root.pm

  Log Message:
  -----------
  Add XSRF protection for POST requests

Some Hydra API requests were vulnerable to XSRF attacks, e.g. you
could have a form on another website using http://hydra/logout as the
form action. So we now require POST requests to come from the same
origin.

Reported by Hans-Christian Esperer.


Compare: https://github.com/NixOS/hydra/compare/e0b2921ff2f7...c928c41ee1f1

_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits

[Nix-commits] [NixOS/hydra] bbe45e: Remove Persona support

Reply via email to