Page MenuHomePhabricator

Detect developer error when constructing forms with absolute URIs
ClosedPublic

Authored by epriestley on Jan 23 2014, 7:21 PM.
Tags
None
Referenced Files
Unknown Object (File)
Sun, Dec 15, 5:24 PM
Unknown Object (File)
Sun, Dec 15, 5:24 PM
Unknown Object (File)
Sun, Dec 15, 5:24 PM
Unknown Object (File)
Sun, Dec 15, 5:24 PM
Unknown Object (File)
Mon, Dec 9, 1:47 AM
Unknown Object (File)
Thu, Dec 5, 10:05 PM
Unknown Object (File)
Thu, Dec 5, 12:20 PM
Unknown Object (File)
Thu, Dec 5, 12:00 PM
Subscribers

Details

Reviewers
btrahan
Maniphest Tasks
T4339: Support CSRF for logged-out users
Restricted Maniphest Task
Commits
Restricted Diffusion Commit
rPa2515921b635: Detect developer error when constructing forms with absolute URIs
Summary

Ref T1921. Ref T4339. If you phabricator_form() with an absolute URI, we silently drop the CSRF tokens. This can be confusing if you meant to specify "/some/path" but ended up specifying "http://this.install.com/some/path". In all current cases that I can think of / am aware of, this indicates an error in the code. Make it more obvious what's happening and how to fix it. The error only fires in developer mode.

Test Plan

Hit this case, also rendered normal forms.

Diff Detail

Lint
Lint Skipped
Unit
Tests Skipped