Support CSRF for logged-out users
f9ac534f255d
Actions

Description

Support CSRF for logged-out users

Summary: Fixes T4339. If you're anonymous, we use a digest of your session key to generate a CSRF token. Otherwise, everything works normally.

Test Plan: Logged out, logged in, tweaked CSRF in forms -- I'll add some inlines.

Reviewers: btrahan

Reviewed By: btrahan

CC: aran

Maniphest Tasks: T4339

Differential Revision: https://secure.phabricator.com/D8046

Details

Provenance

epriestley	Authored on Jan 23 2014, 2:03 PM
themackabu	Pushed on Mar 25 2025, 8:07 PM

Parents

rP24544b1a2f24: Straighten out absolute/relative URIs in login providers

Branches

Unknown

Tags

Unknown

Event Timeline

Changes (5)

Path

Size

src/

aphront/

AphrontRequest.php

applications/

auth/

provider/

PhabricatorAuthProviderPassword.php

base/

controller/

PhabricatorController.php

people/

storage/

PhabricatorUser.php

view/

page/

PhabricatorStandardPageView.php

rPf9ac534f255d

View Options

src/aphront/AphrontRequest.php

View Options

src/applications/auth/provider/PhabricatorAuthProviderPassword.php

View Options

src/applications/base/controller/PhabricatorController.php

View Options

src/applications/people/storage/PhabricatorUser.php

View Options

src/view/page/PhabricatorStandardPageView.php

Support CSRF for logged-out usersf9ac534f255dActions

Description

Details

Event Timeline

Changes (5)

rPf9ac534f255d

src/aphront/AphrontRequest.php

src/applications/auth/provider/PhabricatorAuthProviderPassword.php

src/applications/base/controller/PhabricatorController.php

src/applications/people/storage/PhabricatorUser.php

src/view/page/PhabricatorStandardPageView.php

Support CSRF for logged-out users
f9ac534f255d
Actions