Page MenuHomePhabricator

Disable CSRF checks on Git push when updating repository.
ClosedPublic

Authored by hach-que on Nov 4 2013, 7:32 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Mar 19, 1:39 AM
Unknown Object (File)
Tue, Mar 12, 12:42 AM
Unknown Object (File)
Feb 5 2024, 8:44 AM
Unknown Object (File)
Jan 28 2024, 6:19 PM
Unknown Object (File)
Jan 20 2024, 12:24 AM
Unknown Object (File)
Jan 20 2024, 12:24 AM
Unknown Object (File)
Jan 20 2024, 12:20 AM
Unknown Object (File)
Jan 19 2024, 11:41 PM

Details

Summary

This disables CSRF checking around the $repository->writeStatusMessage so that pushing changes over HTTP to Git repositories doesn't fail miserably.

Test Plan

Applied this fix and I could git push to hosted repositories again.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped

Event Timeline

A slightly better approach is:

$unguarded = AphrontWriteGuard::beginScopedUnguardedWrites();
// ...
unset($unguarded);

This does the right thing if the intervening code throws an exception. I'll tweak that in the pull. Thanks!

I also made a small change to populate:

'REMOTE_USER' => $viewer->getUsername(),

...since Git seemed cranky without it when I was testing the $unguarded flavor.

Closed by commit rP3e2efaf00e57 (authored by @hach-que, committed by @epriestley).