Page MenuHomePhabricator
Create Task
Maniphest T330778

Add 'wmf_token' CSRF protection to dLocal forms
Closed, ResolvedPublic
Actions

Description

We can customise the dLocal return_url aka callback_url on a per-request basis, so let's add the wmf_token field, as suggested by @Damilare, to make our forms more secure. It's unclear why we didn't do this with the old streamline integration, but it looks like we can do it with the new integration.

Details

SubjectRepoBranchLines /-
Add 'wmf_token' CSRF protection to dLocal formsmediawiki/extensions/DonationInterfacemaster 35 -14
Customize query in gerrit

Event Timeline

jgleeson created this task.Feb 28 2023, 5:34 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptFeb 28 2023, 5:34 PM
AKanji-WMF moved this task from Triage to Sprint 1 on the Fundraising-Backlog board.Mar 6 2023, 8:59 PM
XenoRyet added a project: Fundraising Sprint Everything I Merge I Merge For You.Mar 8 2023, 5:18 PM
XenoRyet moved this task from Sprint 1 to Current Sprint on the Fundraising-Backlog board.Mar 8 2023, 7:01 PM
Damilare claimed this task.Mar 9 2023, 12:45 PM
Damilare moved this task from Backlog to Doing on the Fundraising Sprint Everything I Merge I Merge For You board.Mar 9 2023, 1:15 PM
gerritbot added a comment.Mar 9 2023, 2:44 PM

Change 896106 had a related patch set uploaded (by Damilare Adedoyin; author: Damilare Adedoyin):

[mediawiki/extensions/DonationInterface@master] Add 'wmf_token' CSRF protection to dLocal forms

https://gerrit.wikimedia.org/r/896106

gerritbot added a project: Patch-For-Review.Mar 9 2023, 2:44 PM
Damilare moved this task from Doing to Ready for Review on the Fundraising Sprint Everything I Merge I Merge For You board.Mar 9 2023, 3:54 PM
XenoRyet added a project: Fundraising Sprint Fish HEAD^.Mar 14 2023, 9:14 PM
Damilare moved this task from Backlog to Ready for Review on the Fundraising Sprint Fish HEAD^ board.Mar 15 2023, 1:37 PM
gerritbot added a comment.Mar 21 2023, 5:13 PM

Change 896106 merged by jenkins-bot:

[mediawiki/extensions/DonationInterface@master] Add 'wmf_token' CSRF protection to dLocal forms

https://gerrit.wikimedia.org/r/896106

Maintenance_bot removed a project: Patch-For-Review.Mar 21 2023, 5:30 PM
ReleaseTaggerBot added a project: MW-1.41-notes (1.41.0-wmf.2; 2023-03-27).Mar 21 2023, 6:00 PM
Ejegg moved this task from Ready for Review to Pending Deployment on the Fundraising Sprint Fish HEAD^ board.Mar 21 2023, 7:35 PM
Ejegg moved this task from Pending Deployment to Done on the Fundraising Sprint Fish HEAD^ board.Mar 21 2023, 10:53 PM
Dwisehaupt closed this task as Resolved.Mar 28 2023, 7:19 PM
Dwisehaupt set Final Story Points to 2.
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits