Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #11421: Make global search form submitting data with a GET request

Download Browse

Searching something on the instance does not change the state on the server, as such, using a POST request breaks the semantic defined in RFC7231. It also triggers false positive in security scanner tools since the form is not protected (and does need to be) against CSRF. This contribution aligns the behavior of the global search form to what's already done in BurningParrot pages: data of the global search form is submitted with a GET request. Change-Id: Ib2925373dcf25bec6ccb6b6b3e49d89c06780ba6

+2 −2
Thomas Gerbet (tgerbet) 2018-04-20 09:04
Thomas Gerbet (tgerbet) 2018-04-20 09:50
1d93323e8b4f1426d590bd8e8fe822531f1e2456
29a57990ec24454340c64c7cbdafa1ab1924d2f5
git #tuleap/stable/1d93323e8b4f1426d590bd8e8fe822531f1e2456

Modified Files

Side by side diff
Inline diff
Name
M src/templates/search/search-bar.mustache +1 −1 Go to diff View file
M src/www/themes/FlamingParrot/templates/navbar-search-form.mustache +1 −1 Go to diff View file