On Wed, May 27, 2015 at 3:23 AM, Erik Weber <terbol...@gmail.com> wrote:
> This is a perfect example of why we should use Jira for (almost all)
> commits.
>
> We know what this commit does, but we have to guess why it was done this
> way.
> And we don't know how to reproduce the original issue.
>
> It references what I believe to be an internal Citrix Jira/tracking#, so if
> anyone that works at Citrix could check this it would be great
>

CLOUDSTACK-5242 is the ACS issue id for this (accessible only to security list)

The commit was done by Jessica for CloudPlatform and the patch was provided to ACS by another colleague in her absence (she is no longer with Citrix) and is committed by Rohit. Maybe that's the reason for wrong issue ids as the author didn't share the patch.

This was discussed on the security list. This is the last comment I see about it

"
On Fri, Mar 13, 2015 at 8:21 PM, Demetrius Tsitrelis <dtsitre...@live.com> wrote:
> https://www.owasp.org/index.php/Category:OWASP_CSRFGuard_Project is a JavaEE
> filter. It simply rewrites AJAX requests to contain the CSRF protection
> token as a header. This would not require the code changes as does Jessica's
> patch and it would leave the existing session key value in place so as not
> to affect the UI.
"

~ Rajani

> --
> Erik
>
> On Tue, May 26, 2015 at 11:39 PM, rsafonseca <g...@git.apache.org> wrote:
>
> > GitHub user rsafonseca opened a pull request:
> >
> >     https://github.com/apache/cloudstack/pull/308
> >
> >     Reinstate working sessions in browser
> >
> >     I've seen that session persistence stopped working due to
> >     https://github.com/apache/cloudstack/commit/19e3c0168e744a76b5e1dc24a5eafa776d342404
> >     From what I could gather from the comments, this was done to fix issue
> >     where separate instances of management servers could exist within the same
> >     domain.
> >     I've fixed the above mentioned issue by prepending the location's
> >     hostname, in order to allow both sessions to co-exist without clashing.
> >     This also removes the need for this fix
> >     https://github.com/apache/cloudstack/commit/6c71d3bae1a3a72a9fa4004decdba4a7174f6913
> >
> > You can merge this pull request into a Git repository by running:
> >
> >     $ git pull https://github.com/rsafonseca/cloudstack fixsessions
> >
> > Alternatively you can review and apply these changes as the patch at:
> >
> >     https://github.com/apache/cloudstack/pull/308.patch
> >
> > To close this pull request, make a commit to your master/trunk branch
> > with (at least) the following in the commit message:
> >
> >     This closes #308
> >
> > ----
> > commit ef4a2f6c592a911dc12c63ef30ed3028ce56e2da
> > Author: Rafael da Fonseca <rsafons...@gmail.com>
> > Date:   2015-05-26T21:29:11Z
> >
> >     Reinstate working sessions in browser while fixing same domain
> >     different instance issue
> >
> > ----
> >
> > ---
> > If your project is set up for it, you can reply to this email and have your
> > reply appear on GitHub as well. If your project does not have this feature
> > enabled and wishes so, or if the feature is enabled but not working, please
> > contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
> > with INFRA.
> > ---