Go to file

Dave Borowitz aea5d3e2fd Send XSRF token as a cookie

For XSRF protection, the REST API requires a special header
"X-Gerrit-Auth" containing a token known only to the JS running on the
server's domain. Previously, this was set as a JS literal in a
<script> tag directly in the output served at /.

To support a purely static JS application, we can't depend on
injecting JS literals into the body of /. Instead, provide the XSRF
token via a cookie on the response for /. Note that this only affects
how the server communicates the XSRF token to the client; we still
require clients to send the token back in the X-Gerrit-Auth header.
The server must ignore an XSRF token cookie sent by the client, since
the cookie will be sent on all requests, including possibly-forged
cross-site requests. As a minor optimization and to avoid confusion
when looking at request traces, the client code discards the cookie as
soon as it is stored in a JS variable.

Change-Id: Ie24051b48186d6f85bccadfe139e2103b4228cbe

2015-11-09 12:34:33 -05:00

.settings

Update Eclipse code formatter settings

2015-08-31 07:03:36 +00:00

bucklets

Expose acceptance test framework as new plugin artifact

2015-09-25 14:46:10 -04:00

contrib

abandon_stale: Allow singular form of age parameter

2015-07-06 12:12:28 +09:00

Documentation

Merge "Update reverse proxy configuration example for nginx"

2015-11-09 17:16:29 +00:00

gerrit-acceptance-framework

Allow to enable note DB for all integration tests

2015-10-26 09:29:06 +00:00

gerrit-acceptance-tests

ChangeIT: Add a test for successful rebase

2015-11-07 00:58:06 +00:00

gerrit-antlr

Remove unnecessary dependencies

2015-09-18 06:02:35 +00:00

gerrit-cache-h2

H2CacheImpl: Support get(K, Callable<? extends V>)

2015-08-07 17:04:18 -07:00

gerrit-common

Send XSRF token as a cookie

2015-11-09 12:34:33 -05:00

gerrit-extension-api

Merge "Make MergeConflictException a ResourceConflictException"

2015-11-02 08:00:28 +00:00

gerrit-gpg

Merge "Add project config boolean to require signed push on a project"

2015-10-26 18:20:22 +00:00

gerrit-gwtdebug

Expose acceptance test framework as new plugin artifact

2015-09-25 14:46:10 -04:00

gerrit-gwtexpui

Merge branch 'stable-2.11'

2015-10-27 11:10:42 +09:00

gerrit-gwtui

Send XSRF token as a cookie

2015-11-09 12:34:33 -05:00

gerrit-gwtui-common

Add push cert status to change screen

2015-10-16 12:08:08 -04:00

gerrit-httpd

Send XSRF token as a cookie

2015-11-09 12:34:33 -05:00

gerrit-launcher

GerritLauncher: Add rebuild-notedb to commonly used commands

2015-10-16 13:21:56 +09:00

gerrit-lucene

Remove ChangeQueryRewriter interface

2015-10-28 12:11:25 -04:00

gerrit-main

Replace C-style array declarations with Java-style declarations

2015-03-19 12:15:43 +09:00

gerrit-oauth

Import StandardCharsets.UTF_8 as static

2015-10-19 14:59:46 +09:00

gerrit-openid

Eliminate unnecessary Charset constants

2015-10-16 14:52:26 +00:00

gerrit-patch-commonsnet

Consistently use character encoding constants

2015-10-16 08:39:12 +00:00

gerrit-patch-jgit

Pass ChangeInfo object to extension panels

2015-08-04 14:05:24 +02:00

gerrit-pgm

--dev flag for Init

2015-11-08 11:46:52 -08:00

gerrit-plugin-api

Expose acceptance test framework as new plugin artifact

2015-09-25 14:46:10 -04:00

gerrit-plugin-archetype

Remove outdated comment from settings file in plugin archetypes

2015-07-14 14:48:57 +02:00

gerrit-plugin-gwt-archetype

Merge "GWT Plugin Archetype: Add step to link watchmanconfig in build docu"

2015-07-21 09:16:41 +00:00

gerrit-plugin-gwtui

Buck: Move gwt-dev transitive deps to first order dependency

2015-10-18 19:01:42 +02:00

gerrit-plugin-js-archetype

Remove outdated comment from settings file in plugin archetypes

2015-07-14 14:48:57 +02:00

gerrit-prettify

Replace ACCOUNT_DIFF_PREFERENCES table with Git backend (part1)

2015-10-30 11:38:30 +01:00

gerrit-reviewdb

Merge "Add option to omit duplicate comments."

2015-10-31 00:03:15 +00:00

gerrit-server

Force ETag invalidation on draft publishing

2015-11-05 06:26:34 +01:00

gerrit-sshd

Adjust line wrapping to silence Checkstyle warnings

2015-10-29 11:55:32 +09:00

gerrit-util-cli

Add missing braces around if- for- and while-statements

2015-03-19 12:15:42 +09:00

gerrit-util-http

RequestUtilTest: Convert to use Google Truth

2015-06-04 09:41:29 +09:00

gerrit-util-ssl

Turn on many more Eclipse warnings, and fix them

2014-10-29 15:00:17 -07:00

gerrit-war

Log4j: Add thread id in appender

2015-10-07 14:44:08 +02:00

lib

Upgrade Codemirror to version 5.8

2015-11-05 10:23:22 +09:00

plugins

Update cookbook plugin revision

2015-10-30 12:01:27 +09:00

ReleaseNotes

Merge branch 'stable-2.11'

2015-10-16 17:14:25 +09:00

tools

Buck: Fix SDM debug session

2015-10-25 10:22:29 +00:00

website/releases

Update out of date hyperlinks

2015-06-17 22:38:13 +00:00

.buckconfig

Disentangle BUCK caches for internally built and downloaded artifacts

2015-07-07 12:59:51 +02:00

.buckversion

Buck: Upgrade to the latest version

2015-10-15 07:29:30 +00:00

.editorconfig

Add basic EditorConfig

2015-03-03 07:12:16 +00:00

.gitignore

Add .DS_Store to .gitignore

2015-11-05 11:06:52 -08:00

.gitmodules

Add singleusergroup plugin

2013-11-09 07:45:00 +01:00

.mailmap

Update mailmap

2015-04-08 07:50:41 +00:00

.pydevproject

Update PyDev project to use Python 2.7

2014-10-02 15:16:44 +09:00

.watchmanconfig

Watchman: Add buck-out dir to ignored directories

2014-08-21 07:32:37 +02:00

BUCK

Make gerrit-acceptance-framework's artifacts match plugin's scheme

2015-09-29 10:57:20 +02:00

COPYING

Initial project setup of Gerrit 2

2008-11-14 16:59:34 -08:00

INSTALL

Remove Gerrit 1.x to 2.x import tools

2009-03-27 20:20:10 -07:00

README.md

README: Update events information

2015-07-06 01:47:38 +00:00

SUBMITTING_PATCHES

Update push URL in SUBMITTING_PATCHES

2012-03-29 00:57:14 -04:00

VERSION

Set version to 2.12-SNAPSHOT

2015-02-23 02:53:20 +00:00

README.md

Gerrit Code Review

Gerrit is a code review and project management tool for Git based projects.

Objective

Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.

Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.

Documentation

For information about how to install and use Gerrit, refer to the documentation.

Source

Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on Github.

Reporting bugs

Please report bugs on the issue tracker.

Contribute

Gerrit is the work of hundreds of contributors. We appreciate your help!

Please read the contribution guidelines.

Note that we do not accept Pull Requests via the Github mirror.

Getting in contact

The IRC channel on freenode is #gerrit. An archive is available at: echelog.com.

The Developer Mailing list is repo-discuss on Google Groups.

License

Gerrit is provided under the Apache License 2.0.

Build

Install Buck and run the following:

    git clone --recursive https://gerrit.googlesource.com/gerrit
    cd gerrit && buck build all

Install binary packages (Deb/Rpm)

The instruction how to configure GerritForge/BinTray repositories is here

On Debian/Ubuntu run:

    apt-get update & apt-get install gerrit=<version>-<release>

NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.

On CentOS/RedHat run:

    yum clean all && yum install gerrit-<version>[-<release>]

NOTE: release is optional. Last released package of the version is installed if the release number is omitted.

Events

November 7-8 2015: Gerrit User Conference, Mountain View. (Register).
November 9-13 2015: Gerrit Hackathon, Mountain View. (Invitation Only).
March 2016: Gerrit Hackathon, Berlin. (Details to be confirmed).