Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix: Remove CSRF parameter from sales-dashboard search form #3716

Merged
merged 2 commits into from
Apr 3, 2024
Merged

fix: Remove CSRF parameter from sales-dashboard search form #3716

merged 2 commits into from
Apr 3, 2024

Conversation

rolodato
Copy link
Member

@rolodato rolodato commented Apr 3, 2024

Thanks for submitting a PR! Please check the boxes below:

  • I have run pre-commit to check linting
  • I have added information to docs/ if required so people know about the feature!
  • I have filled in the "Changes" section below?
  • I have filled in the "How did you test this code" section below?
  • I have used a Conventional Commit title for this Pull Request

Changes

The search form in the Sales dashboard includes a CSRF token. This token is not validated (it can be omitted with no consequence) and it is not necessary (this is a read-only GET endpoint, so it can be safely removed).

The main benefit of removing the CSRF token is it allows us to share nicer URLs to pre-made queries, such as /sales-dashboard/?search=foo. Otherwise, the search URLs look like /sales-dashboard/?csrfmiddlewaretoken=obnoxiously_long_random_string_that_appears_before_the_actual_search_term&search=foo.

How did you test this code?

Manually in development only. I've confirmed that this endpoint in production also does not validate the presence of the csrfmiddleware parameter.

@vercel Vercel
Copy link

vercel bot commented Apr 3, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback Apr 3, 2024 7:42pm

@vercel Vercel
Copy link

vercel bot commented Apr 3, 2024

@rolodato is attempting to deploy a commit to the Flagsmith Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions bot added the api Issue related to the REST API label Apr 3, 2024
khvn26
khvn26 approved these changes Apr 3, 2024
View reviewed changes
Copy link
Member

@khvn26 khvn26 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Looks good 👍

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Apr 3, 2024
edited
Loading

Uffizzi Preview deployment-49446 was deleted.

@codecov-commenter
Copy link

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.89%. Comparing base (d5f76ff) to head (83bbc77).

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3716   +/-   ##
=======================================
  Coverage   95.89%   95.89%           
=======================================
  Files        1101     1101           
  Lines       34681    34681           
=======================================
  Hits        33256    33256           
  Misses       1425     1425

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@rolodato rolodato added this pull request to the merge queue Apr 3, 2024
Merged via the queue into Flagsmith:main with commit 1e75ae9 Apr 3, 2024
20 of 23 checks passed
@rolodato rolodato deleted the remove-sales-dashboard-search-csrf branch April 3, 2024 20:02
@dabeeeenster dabeeeenster mentioned this pull request Apr 3, 2024
Merged
@dabeeeenster dabeeeenster mentioned this pull request Apr 18, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@khvn26 khvn26 khvn26 approved these changes

@matthewelwell matthewelwell matthewelwell approved these changes

Assignees
No one assigned
Labels
api Issue related to the REST API
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@rolodato @codecov-commenter @khvn26 @matthewelwell