7
3%
master: 3%

Ran 23 Mar 2017 05:54AM UTC

Files 358

Run time 15s

Badge

Embed ▾

Committed 23 Mar 2017 05:38AM UTC coverage: 91.134%. Remained the same

Job # TEST_SUITE=backend

Build Type

push

travis-ci

Committed by

timabbott

Commit Message

reload: Fix passing data to next browser session.

Apparently, Django's CSRF protection mechanism changed at some point,
and now we get a different CSRF token every time the webapp is loaded.
This, in turn, caused our reload logic to avoid losing state to be
completely ineffective, since the CSRF check in reload.initialize
always failed.

We fix this in a secure fashion by passing the reload instructions
from the browser to its reloaded self via localstorage, keyed by a
randomly generated token.  The token randomization is primarily
relevant for handling several Zulip tabs in the same browser, but also
servers to make it very difficult for an attacker to ever trigger this
code path by redirecting a browser to `/#reload` URLs.

Fixes #3411.
Fixes #3687.

Run Details

29142 of 31977 relevant lines covered (91.13%)

0.91 hits per line

zulip / zulip / 1714 / 7
3%
master: 3%

README BADGES
x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 1714.7 (TEST_SUITE=backend)

zulip / zulip / 1714 / 7 3% master: 3%

README BADGES x

Markdown

Textile

RDoc

HTML

Rst

Source Files on job 1714.7 (TEST_SUITE=backend)

zulip / zulip / 1714 / 7
3%
master: 3%

README BADGES
x