李少辉-开发者 / gitlab-foss
Commit b9cee4ba
Authored Aug 30, 2018 by Stan Hu
Set issuable_sort and diff_view cookies to secure when possible
Closes #49120
Parent: ba99dfcd
Showing 5 changed files with 52 additions and 5 deletions (+52 -5)
app/controllers/concerns/issuable_collections.rb (+8 -4)
app/controllers/projects/application_controller.rb (+2 -1)
app/helpers/cookies_helper.rb (+9 -0)
changelogs/unreleased/sh-set-secure-cookies.yml (+5 -0)
spec/controllers/concerns/issuable_collections_spec.rb (+28 -0)
app/controllers/concerns/issuable_collections.rb (browse file @ b9cee4ba)
module
IssuableCollections
extend
ActiveSupport
::
Concern
include
CookiesHelper
include
SortingHelper
include
Gitlab
::
IssuableMetadata
include
Gitlab
::
Utils
::
StrongMemoize
...
...
@@ -107,11 +108,14 @@ module IssuableCollections
end
def
set_sort_order_from_cookie
cookies
[
remember_sorting_key
]
=
params
[
:sort
]
if
params
[
:sort
].
present?
sort_param
=
params
[
:sort
]
if
params
[
:sort
].
present?
# fallback to legacy cookie value for backward compatibility
cookies
[
remember_sorting_key
]
||=
cookies
[
'issuable_sort'
]
cookies
[
remember_sorting_key
]
=
update_cookie_value
(
cookies
[
remember_sorting_key
])
params
[
:sort
]
=
cookies
[
remember_sorting_key
]
sort_param
||=
cookies
[
'issuable_sort'
]
sort_param
||=
cookies
[
remember_sorting_key
]
sort_value
=
update_cookie_value
(
sort_param
)
set_secure_cookie
(
remember_sorting_key
,
sort_value
)
params
[
:sort
]
=
sort_value
end
def
remember_sorting_key
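Review bot: the fallback order in the rewritten body is inverted relative to the lines it replaces. The old code assigned params[:sort] into cookies[remember_sorting_key] and then did `cookies[remember_sorting_key] ||= cookies['issuable_sort']`, so the legacy issuable_sort cookie was consulted only when the per-type cookie was absent. The new code does `sort_param ||= cookies['issuable_sort']` before `sort_param ||= cookies[remember_sorting_key]`, so whenever no sort param is sent, a stale legacy issuable_sort cookie now wins over the per-type cookie (issue_sort, etc.) until the legacy cookie is cleared or expires. Swap the two `||=` lines so the current key is tried first and the legacy key is the fallback, which is also what the comment "fallback to legacy cookie value for backward compatibility" above them describes. Minor: set_secure_cookie is called unconditionally, as the old assignment was, so the cookie is rewritten on every request; that is not a regression, but a guard on sort_value being present would avoid re-emitting a Set-Cookie header when nothing changed.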
...
...
app/controllers/projects/application_controller.rb (browse file @ b9cee4ba)
class
Projects::ApplicationController
<
ApplicationController
include
CookiesHelper
include
RoutableActions
include
ChecksCollaboration
...
...
@@ -74,7 +75,7 @@ class Projects::ApplicationController < ApplicationController
end
def
apply_diff_view_cookie!
cookies
.
permanent
[
:diff_view
]
=
params
.
delete
(
:view
)
if
params
[
:view
].
present?
set_secure_cookie
(
:diff_view
,
params
.
delete
(
:view
),
permanent:
true
)
if
params
[
:view
].
present?
end
def
require_pages_enabled!
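Review bot: params.delete(:view) is still persisted verbatim; neither the removed `cookies.permanent[:diff_view] = params.delete(:view)` nor the new set_secure_cookie(:diff_view, ..., permanent: true) call validates the value before writing it into a permanent cookie, so any string the client supplies in ?view= ends up stored and read back on every diff page until the cookie expires. Since the Secure flag is the point of this change, it is a good moment to also restrict the stored value to the view names the diff UI actually renders (the page's own Inline / Side-by-side toggle implies a two-element set; check the exact identifiers in the diff helpers), e.g. assign `view = params.delete(:view)` first and only call set_secure_cookie when view is in that allowed set. Everything else in the hunk reads correctly: the `if params[:view].present?` modifier is evaluated before the delete, so the delete still only runs when a view was given.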
...
...
app/helpers/cookies_helper.rb (new file, mode 0 → 100644; browse file @ b9cee4ba)
# frozen_string_literal: true
module
CookiesHelper
def
set_secure_cookie
(
key
,
value
,
httponly:
false
,
permanent:
false
)
cookie_jar
=
permanent
?
cookies
.
permanent
:
cookies
cookie_jar
[
key
]
=
{
value:
value
,
secure:
Gitlab
.
config
.
gitlab
.
https
,
httponly:
httponly
}
end
end
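Review bot: httponly defaults to false in set_secure_cookie and neither call site in this commit overrides it, so the sort and diff_view cookies remain readable from page scripts. Unless frontend code actually reads these cookies, flip the default to `httponly: true` and let the callers that need script access opt out explicitly; a false default tends to be copied by every future caller. The helper also deserves a one-line doc comment stating that `secure:` comes from Gitlab.config.gitlab.https, i.e. the configured external URL scheme, not from request.ssl?: on an instance configured for http but fronted by a TLS-terminating proxy the flag is still omitted, and on an https-configured instance the flag is set even for a request that arrived over plain http, which is the desired behaviour but worth saying. Style: the method name says "secure" while the flag may legitimately be absent; "set_cookie_with_flags" or similar would describe what it does, but that is a naming preference.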
changelogs/unreleased/sh-set-secure-cookies.yml (new file, mode 0 → 100644; browse file @ b9cee4ba)
---
title
:
Set issuable_sort, diff_view, and perf_bar_enabled cookies to secure when possible
merge_request
:
21442
author
:
type
:
security
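Review bot: the title lists perf_bar_enabled alongside issuable_sort and diff_view, but none of the five files in this commit touches the performance bar, and the commit message itself only names issuable_sort and diff_view. Either the perf_bar_enabled change lives in another commit of merge request 21442, in which case the changelog entry should sit with that change or note that it covers the whole MR, or the title overstates what ships here and should be trimmed to the two cookies actually changed. The empty author field is fine for a team-member contribution; type: security is the right category.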
spec/controllers/concerns/issuable_collections_spec.rb (browse file @ b9cee4ba)
...
...
@@ -21,6 +21,34 @@ describe IssuableCollections do
controller
end
describe
'#set_set_order_from_cookie'
do
describe
'when sort param given'
do
let
(
:cookies
)
{
{}
}
let
(
:params
)
{
{
sort:
'downvotes_asc'
}
}
it
'sets the cookie with the right values and flags'
do
allow
(
controller
).
to
receive
(
:cookies
).
and_return
(
cookies
)
controller
.
send
(
:set_sort_order_from_cookie
)
expect
(
cookies
[
'issue_sort'
]).
to
eq
({
value:
'popularity'
,
secure:
false
,
httponly:
false
})
end
end
describe
'when cookie exists'
do
let
(
:cookies
)
{
{
'issue_sort'
=>
'id_asc'
}
}
let
(
:params
)
{
{}
}
it
'sets the cookie with the right values and flags'
do
allow
(
controller
).
to
receive
(
:cookies
).
and_return
(
cookies
)
controller
.
send
(
:set_sort_order_from_cookie
)
expect
(
cookies
[
'issue_sort'
]).
to
eq
({
value:
'created_asc'
,
secure:
false
,
httponly:
false
})
end
end
end
describe
'#page_count_for_relation'
do
let
(
:params
)
{
{
state:
'opened'
}
}
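Review bot: the describe label '#set_set_order_from_cookie' misspells the method under test, set_sort_order_from_cookie; fix it so failures are greppable. The expectations hard-code `secure: false`, which holds only because Gitlab.config.gitlab.https is false in the test environment, so the Secure flag, which is the whole point of this commit, is never actually asserted; add an example that stubs Gitlab.config.gitlab.https to true and expects `secure: true`. Both `it` blocks carry the same description "sets the cookie with the right values and flags"; name them by scenario. There is also no example for the legacy 'issuable_sort' fallback, which is exactly the path whose precedence changed in the controller hunk, so a case with both 'issuable_sort' and 'issue_sort' set would pin down which one wins. Finally, the expected values 'popularity' and 'created_asc' come from update_cookie_value translating 'downvotes_asc' and 'id_asc'; that method is not touched by the diff, so a short comment pointing at it would spare the next reader a search.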
...
...