Nemcio/Redmine
1
0
Fork 0
mirror of https://github.com/redmine/redmine.git synced 2025-11-14 17:26:06 +01:00
Code Issues Packages Projects Releases Activity

Mark sensitive auth_source forms with Cache-Control: no-store (#42998).

Browse Source 
Patch by Holger Just (user:hjust).

git-svn-id: https://svn.redmine.org/redmine/trunk@23941 e93f8b46-1217-0410-a6f0-8f06a7374b81
This commit is contained in:
Marius Balteanu
2025-09-07 06:15:09 +00:00
parent 81d647e34d
commit 5f4ce0fe0e
2 changed files with 9 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
app/controllers/auth_sources_controller.rb
View File

@@ -32,6 +32,7 @@ class AuthSourcesController < ApplicationController
end end
def new def new
no_store
end end
def create def create
@@ -39,11 +40,13 @@ class AuthSourcesController < ApplicationController
flash[:notice] = l(:notice_successful_create) flash[:notice] = l(:notice_successful_create)
redirect_to auth_sources_path redirect_to auth_sources_path
else else
no_store
render :action => 'new' render :action => 'new'
end end
end end
def edit def edit
no_store
end end
def update def update
@@ -52,6 +55,7 @@ class AuthSourcesController < ApplicationController
flash[:notice] = l(:notice_successful_update) flash[:notice] = l(:notice_successful_update)
redirect_to auth_sources_path redirect_to auth_sources_path
else else
no_store
render :action => 'edit' render :action => 'edit'
end end
end end

5
test/functional/auth_sources_controller_test.rb
View File

@@ -32,6 +32,7 @@ class AuthSourcesControllerTest < Redmine::ControllerTest
def test_new def test_new
get :new get :new
assert_response :success assert_response :success
assert_includes @response.headers['Cache-Control'], 'no-store'
assert_select 'form#auth_source_form' do assert_select 'form#auth_source_form' do
assert_select 'input[name=type][value=AuthSourceLdap]' assert_select 'input[name=type][value=AuthSourceLdap]'
@@ -88,6 +89,7 @@ class AuthSourcesControllerTest < Redmine::ControllerTest
} }
) )
assert_response :success assert_response :success
assert_includes @response.headers['Cache-Control'], 'no-store'
end end
assert_select_error /host cannot be blank/i assert_select_error /host cannot be blank/i
end end
@@ -100,6 +102,7 @@ class AuthSourcesControllerTest < Redmine::ControllerTest
} }
) )
assert_response :success assert_response :success
assert_includes @response.headers['Cache-Control'], 'no-store'
assert_select 'form#auth_source_form' do assert_select 'form#auth_source_form' do
assert_select 'input[name=?]', 'auth_source[host]' assert_select 'input[name=?]', 'auth_source[host]'
@@ -163,6 +166,8 @@ class AuthSourcesControllerTest < Redmine::ControllerTest
} }
) )
assert_response :success assert_response :success
assert_includes @response.headers['Cache-Control'], 'no-store'
assert_select_error /host cannot be blank/i assert_select_error /host cannot be blank/i
end end