HomePhabricator

API: Insist authn parameters be in the POST body
2fea54ee0dc3Unpublished

Unpublished Commit · Learn More

Publishing Disabled: All publishing is disabled for this repository.

Description

API: Insist authn parameters be in the POST body

Passwords should always be submitted in the POST body, not in the query
string. Thus, a warning will now be returned if the password for
action=login or any sensitive authentication request parameters for
AuthManager actions are found in the query string.

These warnings should be upgraded to errors in 1.29.

Change-Id: Ifb2c684bb28c9acc004be2b0c2fef839eb7624aa

Details

Provenance
AnomieAuthored on Aug 18 2016, 5:36 PM
ReedyCommitted on Feb 9 2017, 4:53 PM
Parents
rMWf7e74bcc8988: InstantCommons: do not cache thumbs
Branches
Unknown
Tags
Unknown
ChangeId
Ifb2c684bb28c9acc004be2b0c2fef839eb7624aa