Last modified: 2013-10-28 20:33:33 UTC

Wikimedia Bugzilla is closed!

Wikimedia migrated from Bugzilla to Phabricator. Bug reports are handled in Wikimedia Phabricator.
This static website is read-only and for historical purposes. It is not possible to log in and except for displaying bug reports and their history, links might be broken. See T58275, the corresponding Phabricator task for complete and up-to-date bug report information.
First Last Prev Next    This bug is not in your last search results.
Bug 56275 - OpenStackManager: Instance actions via Special:NovaInstance should be protected by a nonce
OpenStackManager: Instance actions via Special:NovaInstance should be protect...
Status: NEW
Product: MediaWiki extensions
Classification: Unclassified
OpenStackManager (Other open bugs)
unspecified
All All
: Unprioritized normal (vote)
: ---
Assigned To: Ryan Lane
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2013-10-28 20:33 UTC by Krinkle
Modified: 2013-10-28 20:33 UTC (History)
0 users

See Also:
Web browser: ---
Mobile Platform: ---
Assignee Huggle Beta Tester: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Description Krinkle 2013-10-28 20:33:33 UTC 
I just accidentally rebooted an instance that I already rebooted a few hours earlier by re-opening the tab the POST request was on (seems Chrome no longer shows the "Are you sure you want to resubmit?" dialog when refreshing a POST submission page response).

Seems sensible to use a nonce maybe (at least in the front-end, not sure about the API).

The API doesn't need it for AJAX either, since such interface isn't subject to accidental refresh (you'd have to purposely click it again). This is about the non-AJAX link targets such as "Actions: reboot" on a nova instance description page.
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.

Navigation
Links