1714
3%

Ran 23 Mar 2017 05:44AM UTC

Jobs 5

Files 0

Run time –

Badge

Embed ▾

pending completion

Build # 1714

Build Type

push

travis-ci

Committed by

timabbott

Commit Message

reload: Fix passing data to next browser session.

Apparently, Django's CSRF protection mechanism changed at some point,
and now we get a different CSRF token every time the webapp is loaded.
This, in turn, caused our reload logic to avoid losing state to be
completely ineffective, since the CSRF check in reload.initialize
always failed.

We fix this in a secure fashion by passing the reload instructions
from the browser to its reloaded self via localstorage, keyed by a
randomly generated token.  The token randomization is primarily
relevant for handling several Zulip tabs in the same browser, but also
servers to make it very difficult for an attacker to ever trigger this
code path by redirecting a browser to `/#reload` URLs.

Fixes #3411.
Fixes #3687.

Run Details

Jobs

ID	Job ID	Ran	Coverage
1	1714.1 (TEST_SUITE=static-analysis)	23 Mar 2017 05:44AM UTC		Travis Job 1714.1
2	1714.2 (TEST_SUITE=production)	23 Mar 2017 05:51AM UTC		Travis Job 1714.2
3	1714.3 (TEST_SUITE=production)	23 Mar 2017 05:50AM UTC		Travis Job 1714.3
6	1714.6 (TEST_SUITE=backend)	23 Mar 2017 05:52AM UTC	91.05	Travis Job 1714.6
7	1714.7 (TEST_SUITE=backend)	23 Mar 2017 05:54AM UTC	91.13	Travis Job 1714.7

Source Files on build 1714

Detailed source file information is not available for this build.

zulip / zulip / 1714
3%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 1714

zulip / zulip / 1714 3%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Jobs

Source Files on build 1714

zulip / zulip / 1714
3%

README BADGES
x