Skip to main content

Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

    •  
      request #11421 Make global search form submitting data with a GET request
    Actions
    Infos
    #11421
    Thomas Gerbet (tgerbet)
    2018-04-20 10:52
    2018-04-20 08:59
    11738
    Details
    Make global search form submitting data with a GET request
    Currently on FlamingParrot pages or when we use the form directly on the search page data are submitted with a POST request.
    However, searching something does not change the state on the server so using a POST request breaks the semantic defined in RFC7231 and it triggers false positive in security scanner tools since the form is not protected (and does need to be) against CSRF.

    The behavior of this form should be aligned to what's being done in BurningParrot pages: submitting the form with a GET request.
    Other
    All
    Empty
    • [ ] enhancement
    • [ ] internal improvement
    Empty
    Stage
    Empty
    Closed
    2018-04-20
    Attachments
    Artifact links

    Releases

    Fixed in

    Artifact ID Project Tracker Summary Status Last Update Date Submitted By Assigned to
    rel #10995 Tuleap Releases 10.0 Delivered 2018-04-26 12:21 Manuel Vacelet (vaceletm)
    Empty
    References
    Referencing request #11421

    Git commit

    tuleap/tuleap/stable

    Merge commit 'refs/changes/33/11133/2' of ssh://gerrit.tuleap.net:29418/tuleap into HEAD d784211010
    User avatar Nicolas Terray (nterray) , 2018-04-20 10:54
    request #11421: Make global search form submitting data with a GET request 1d93323e8b
    User avatar Thomas Gerbet (tgerbet) , 2018-04-20 09:50
    Referenced by request #11421

    Artifact Tracker v5

    rel #10995 10.0

    Other

    gerrit #11133
    Display settings

    Follow-ups

    User avatar
    Nicolas Terray (nterray)2018-04-20 10:52
    gerrit #11133 integrated into Tuleap 9.19.99.146
    • Original Submission
      Something went wrong, the follow up content couldn't be loaded
      Only formatting have been changed, you should switch to markup to see the changes
    • Status changed from Under review to Closed
    • Connected artifacts
    • Close date set to 2018-04-20