origin_save: Reject save request when origin URL contains a password
f2d6fec278db
Actions

Description

origin_save: Reject save request when origin URL contains a password

For obvious security reasons, do not accept a Save Code Now request
for an origin URL containing a password in it as the list of submitted
requests are publicly browsable from the Web UI.

Nevertheless accept origin URLs with anonymous credentials (CVS ones
for instance).

Related to T4240

Details

Provenance

anlambert	Authored on May 17 2022, 5:29 PM
anlambert	Pushed on May 18 2022, 11:12 AM

Differential Revision

D7843: origin_save: Reject save request when origin URL contains a password

Parents

rDWAPPSf65bb5bc8446: package.json: Upgrade dependencies

Branches

Unknown

Tags

Unknown

References

tag: v0.0.390

Tasks

T4240: Do not accept save requests with credentials leaked in the origin URL

Build Status

Buildable 29443
Build 46017: test-and-build	Jenkins console · Jenkins

Changes (4)

Path

Size

assets/

src/

bundles/

save/

index.js

cypress/

integration/

origin-save.spec.js

swh/

web/

common/

origin_save.py

tests/

api/

views/

test_origin_save.py

rDWAPPSf2d6fec278db

View Options

assets/src/bundles/save/index.js

View Options

cypress/integration/origin-save.spec.js

View Options

swh/web/common/origin_save.py

View Options

swh/web/tests/api/views/test_origin_save.py

origin_save: Reject save request when origin URL contains a passwordf2d6fec278dbActions

Description

Details

Event Timeline

Changes (4)

rDWAPPSf2d6fec278db

assets/src/bundles/save/index.js

cypress/integration/origin-save.spec.js

swh/web/common/origin_save.py

swh/web/tests/api/views/test_origin_save.py

origin_save: Reject save request when origin URL contains a password
f2d6fec278db
Actions