Detect developer error when constructing forms with absolute URIs
ClosedPublic
Actions

Authored by epriestley on Jan 23 2014, 7:21 PM.

Tags

None

Referenced Files

	F14369320: D8044.diff
	Fri, Dec 20, 4:42 PM

	Unknown Object (File)
	Sun, Dec 15, 5:24 PM

	Unknown Object (File)
	Sun, Dec 15, 5:24 PM

	Unknown Object (File)
	Sun, Dec 15, 5:24 PM

	Unknown Object (File)
	Sun, Dec 15, 5:24 PM

	Unknown Object (File)
	Mon, Dec 9, 1:47 AM

	Unknown Object (File)
	Thu, Dec 5, 10:05 PM

	Unknown Object (File)
	Thu, Dec 5, 12:20 PM

View All Files

Subscribers

aran

Details

Reviewers

btrahan

Maniphest Tasks

T4339: Support CSRF for logged-out users
Restricted Maniphest Task

Commits

Restricted Diffusion Commit
rPa2515921b635: Detect developer error when constructing forms with absolute URIs

Summary

Ref T1921. Ref T4339. If you phabricator_form() with an absolute URI, we silently drop the CSRF tokens. This can be confusing if you meant to specify "/some/path" but ended up specifying "http://this.install.com/some/path". In all current cases that I can think of / am aware of, this indicates an error in the code. Make it more obvious what's happening and how to fix it. The error only fires in developer mode.

Test Plan

Hit this case, also rendered normal forms.

Diff Detail

Lint

Lint Skipped

Unit

Tests Skipped

Event Timeline

btrahan accepted this revision.Jan 23 2014, 9:49 PM

Closed by commit rPa2515921b635 (authored by @epriestley).

Revision Contents
Changeset List

Path

Size

src/

infrastructure/

javelin/

markup.php

57 lines

Diff 18211

View Options

src/infrastructure/javelin/markup.php

Detect developer error when constructing forms with absolute URIsClosedPublicActions