https://bugzilla.wikimedia.org/show_bug.cgi?id=56275
Web browser: ---
Bug ID: 56275
Summary: OpenStackManager: Instance actions via
Special:NovaInstance should be protected by a nonce
Product: MediaWiki extensions
Version: unspecified
Hardware: All
OS: All
Status: NEW
Severity: normal
Priority: Unprioritized
Component: OpenStackManager
Assignee: [email protected]
Reporter: [email protected]
Classification: Unclassified
Mobile Platform: ---
I just accidentally rebooted an instance that I already rebooted a few hours
earlier by re-opening the tab the POST request was on (seems Chrome no longer
shows the "Are you sure you want to resubmit?" dialog when refreshing a POST
submission page response).
Seems sensible to use a nonce maybe (at least in the front-end, not sure about
the API).
The API doesn't need it for AJAX either, since such interface isn't subject to
accidental refresh (you'd have to purposely click it again). This is about the
non-AJAX link targets such as "Actions: reboot" on a nova instance description
page.
--
You are receiving this mail because:
You are on the CC list for the bug.
_______________________________________________
Wikibugs-l mailing list
[email protected]
https://lists.wikimedia.org/mailman/listinfo/wikibugs-l
