Thanks for filling in the blanks Rajani!

--
Erik

On Wed, May 27, 2015 at 7:32 AM, Rajani Karuturi <raj...@apache.org> wrote:

> On Wed, May 27, 2015 at 3:23 AM, Erik Weber <terbol...@gmail.com> wrote:
>
> > This is a perfect example of why we should use Jira for (almost all)
> > commits.
> >
> > We know what this commit does, but we have to guess why it was done this
> > way.
> > And we don't know how to reproduce the original issue.
> >
> > It references what I believe to be an internal Citrix Jira/tracking#, so if
> > anyone that works at Citrix could check this it would be great
> >
>
> CLOUDSTACK-5242 is the ACS issue id for this (accessible only to security
> list)
>
> The commit was done by Jessica for CloudPlatform and the patch was provided
> to ACS by another colleague in her absence (she is no longer with Citrix)
> and is committed by Rohit.
> Maybe that's the reason for wrong issue ids as the author didn't share the
> patch.
>
> This was discussed on the security list. This is the last comment I see
> about it
>
> "
> On Fri, Mar 13, 2015 at 8:21 PM, Demetrius Tsitrelis
> <dtsitre...@live.com> wrote:
> > https://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project is a JavaEE
> > filter. It simply rewrites AJAX requests to contain the CSRF protection
> > token as a header. This would not require the code changes as does Jessica's
> > patch and it would leave the existing session key value in place so as not
> > to affect the UI.
> "
>
> ~ Rajani
>
> >
> > --
> > Erik
> >
> > On Tue, May 26, 2015 at 11:39 PM, rsafonseca <g...@git.apache.org> wrote:
> >
> > > GitHub user rsafonseca opened a pull request:
> > >
> > >     https://github.com/apache/cloudstack/pull/308
> > >
> > >     Reinstate working sessions in browser
> > >
> > >     I've seen that session persistence stopped working due to
> > >
> > >     https://github.com/apache/cloudstack/commit/19e3c0168e744a76b5e1dc24a5eafa776d342404
> > >     From what I could gather from the comments, this was done to fix an
> > >     issue where separate instances of management servers could exist
> > >     within the same domain.
> > >     I've fixed the above mentioned issue by prepending the location's
> > >     hostname, in order to allow both sessions to co-exist without clashing.
> > >     This also removes the need for this fix
> > >
> > >     https://github.com/apache/cloudstack/commit/6c71d3bae1a3a72a9fa4004decdba4a7174f6913
> > >
> > > You can merge this pull request into a Git repository by running:
> > >
> > >     $ git pull https://github.com/rsafonseca/cloudstack fixsessions
> > >
> > > Alternatively you can review and apply these changes as the patch at:
> > >
> > >     https://github.com/apache/cloudstack/pull/308.patch
> > >
> > > To close this pull request, make a commit to your master/trunk branch
> > > with (at least) the following in the commit message:
> > >
> > >     This closes #308
> > >
> > > ----
> > > commit ef4a2f6c592a911dc12c63ef30ed3028ce56e2da
> > > Author: Rafael da Fonseca <rsafons...@gmail.com>
> > > Date:   2015-05-26T21:29:11Z
> > >
> > >     Reinstate working sessions in browser while fixing same domain
> > >     different instance issue
> > >
> > > ----
> > >
> > > ---
> > > If your project is set up for it, you can reply to this email and have your
> > > reply appear on GitHub as well. If your project does not have this feature
> > > enabled and wishes so, or if the feature is enabled but not working, please
> > > contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
> > > with INFRA.
> > > ---