Turn off request forgery protection for milestone action to permit public caching of level pages #4804
Merged
Contributor
Author
@wjordan or @mehalshah: This is needed for public caching of level pages.
Contributor
LGTM
Contributor
Author
I need to look into the circleci timeout failure and see if it's spurious or related.
Contributor
Author
I determined that the timeout reproduced on staging as well and is unrelated to this change. I am experimenting with increasing the timeout to see if that resolves the issue.
philbogle added a commit that referenced this pull request Oct 26, 2015
Turn off request forgery protection for milestone action to permit public caching of level pages
deploy-code-org added a commit that referenced this pull request Oct 26, 2015
a2c918c Merge pull request #4804 from code-dot-org/no_request_forgery (philbogle)
711da5b Merge commit 'a1a312f' into no_request_forgery (Phil Bogle)
cddfa8e Merge pull request #4802 from code-dot-org/require_relative (philbogle)
a1a312f Increase app JS test timeout to reduce flakes (Phil Bogle)
4aae596 Automatically built. (Continuous Integration)
f2e49e9 Merge pull request #4806 from code-dot-org/hoc2015newsounds (Brendan Reville)
Turn off request forgery protection for the milestone action in the activities controller in order to permit public caching of the level pages. (Request forgery protection depends on generating a unique secret for each session and so is incompatible with public caching.)
As the comments explain, it is necessary to explicitly turn it off for the milestone action because default RFP is inherited from ApplicationController.
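The incompatibility described above, as an added example that is not part of the pull request or the project's code: a plain-Ruby model in which a shared cache stores one copy of a level page, so the token embedded in it belongs to whichever session rendered it first. `Session`, `PublicCache`, the `/levels/1` URL and the `:update` action are hypothetical names; only the `milestone` action comes from the description.

```ruby
require "securerandom"

# Constructed model, not Rails and not the project's code: every session has
# its own CSRF secret, and a rendered level page embeds it in a meta tag.
class Session
  attr_reader :csrf_token
  def initialize
    @csrf_token = SecureRandom.hex(32)
  end
end

# Hypothetical shared cache (stands in for a CDN or reverse proxy):
# one stored body per URL, served to every visitor.
class PublicCache
  def initialize
    @store = {}
  end
  def fetch(url)
    @store[url] ||= yield
  end
end

def render_level_page(session)
  %(<meta name="csrf-token" content="#{session.csrf_token}"><div id="level"></div>)
end

def token_in(page)
  page[/content="([0-9a-f]+)"/, 1]
end

# Token check with a per-action exemption list. An exempted action accepts
# posts that carry no valid token at all.
def request_allowed?(action, session, submitted_token, exempt: [])
  exempt.include?(action) || submitted_token == session.csrf_token
end

def demo
  cache = PublicCache.new
  alice, bob = Session.new, Session.new
  cache.fetch("/levels/1") { render_level_page(alice) }           # first visitor fills the cache
  bob_page = cache.fetch("/levels/1") { render_level_page(bob) }  # cache hit: block never runs
  token = token_in(bob_page)
  {
    served_alices_token: token == alice.csrf_token,
    milestone_checked: request_allowed?(:milestone, bob, token),
    milestone_exempt: request_allowed?(:milestone, bob, token, exempt: [:milestone]),
    other_checked: request_allowed?(:update, bob, token, exempt: [:milestone])
  }
end
```

Calling `demo` returns the four results: the second visitor is served the first visitor's token, the checked `milestone` post is rejected, the exempted one is accepted, and the non-exempt action is still rejected.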