opendev/gerrit
Code Issues Proposed changes
RETIRED, Gerrit as used by OpenStack
15,965 Commits 1 Branch 360 Tags 120 MiB
aea5d3e2fd
Go to file
Dave Borowitz aea5d3e2fd Send XSRF token as a cookie 
For XSRF protection, the REST API requires a special header
"X-Gerrit-Auth" containing a token known only to the JS running on the
server's domain. Previously, this was set as a JS literal in a
<script> tag directly in the output served at /.

To support a purely static JS application, we can't depend on
injecting JS literals into the body of /. Instead, provide the XSRF
token via a cookie on the response for /. Note that this only affects
how the server communicates the XSRF token to the client; we still
require clients to send the token back in the X-Gerrit-Auth header.
The server must ignore an XSRF token cookie sent by the client, since
the cookie will be sent on all requests, including possibly-forged
cross-site requests. As a minor optimization and to avoid confusion
when looking at request traces, the client code discards the cookie as
soon as it is stored in a JS variable.

Change-Id: Ie24051b48186d6f85bccadfe139e2103b4228cbe
2015-11-09 12:34:33 -05:00
.settings Update Eclipse code formatter settings 2015-08-31 07:03:36 +00:00
bucklets Expose acceptance test framework as new plugin artifact 2015-09-25 14:46:10 -04:00
contrib abandon_stale: Allow singular form of age parameter 2015-07-06 12:12:28 +09:00
Documentation Merge "Update reverse proxy configuration example for nginx" 2015-11-09 17:16:29 +00:00
gerrit-acceptance-framework Allow to enable note DB for all integration tests 2015-10-26 09:29:06 +00:00
gerrit-acceptance-tests ChangeIT: Add a test for successful rebase 2015-11-07 00:58:06 +00:00
gerrit-antlr Remove unnecessary dependencies 2015-09-18 06:02:35 +00:00
gerrit-cache-h2 H2CacheImpl: Support get(K, Callable<? extends V>) 2015-08-07 17:04:18 -07:00
gerrit-common Send XSRF token as a cookie 2015-11-09 12:34:33 -05:00
gerrit-extension-api Merge "Make MergeConflictException a ResourceConflictException" 2015-11-02 08:00:28 +00:00
gerrit-gpg Merge "Add project config boolean to require signed push on a project" 2015-10-26 18:20:22 +00:00
gerrit-gwtdebug Expose acceptance test framework as new plugin artifact 2015-09-25 14:46:10 -04:00
gerrit-gwtexpui Merge branch 'stable-2.11' 2015-10-27 11:10:42 +09:00
gerrit-gwtui Send XSRF token as a cookie 2015-11-09 12:34:33 -05:00
gerrit-gwtui-common Add push cert status to change screen 2015-10-16 12:08:08 -04:00
gerrit-httpd Send XSRF token as a cookie 2015-11-09 12:34:33 -05:00
gerrit-launcher GerritLauncher: Add rebuild-notedb to commonly used commands 2015-10-16 13:21:56 +09:00
gerrit-lucene Remove ChangeQueryRewriter interface 2015-10-28 12:11:25 -04:00
gerrit-main Replace C-style array declarations with Java-style declarations 2015-03-19 12:15:43 +09:00
gerrit-oauth Import StandardCharsets.UTF_8 as static 2015-10-19 14:59:46 +09:00
gerrit-openid Eliminate unnecessary Charset constants 2015-10-16 14:52:26 +00:00
gerrit-patch-commonsnet Consistently use character encoding constants 2015-10-16 08:39:12 +00:00
gerrit-patch-jgit Pass ChangeInfo object to extension panels 2015-08-04 14:05:24 +02:00
gerrit-pgm --dev flag for Init 2015-11-08 11:46:52 -08:00
gerrit-plugin-api Expose acceptance test framework as new plugin artifact 2015-09-25 14:46:10 -04:00
gerrit-plugin-archetype Remove outdated comment from settings file in plugin archetypes 2015-07-14 14:48:57 +02:00
gerrit-plugin-gwt-archetype Merge "GWT Plugin Archetype: Add step to link watchmanconfig in build docu" 2015-07-21 09:16:41 +00:00
gerrit-plugin-gwtui Buck: Move gwt-dev transitive deps to first order dependency 2015-10-18 19:01:42 +02:00
gerrit-plugin-js-archetype Remove outdated comment from settings file in plugin archetypes 2015-07-14 14:48:57 +02:00
gerrit-prettify Replace ACCOUNT_DIFF_PREFERENCES table with Git backend (part1) 2015-10-30 11:38:30 +01:00
gerrit-reviewdb Merge "Add option to omit duplicate comments." 2015-10-31 00:03:15 +00:00
gerrit-server Force ETag invalidation on draft publishing 2015-11-05 06:26:34 +01:00
gerrit-sshd Adjust line wrapping to silence Checkstyle warnings 2015-10-29 11:55:32 +09:00
gerrit-util-cli Add missing braces around if- for- and while-statements 2015-03-19 12:15:42 +09:00
gerrit-util-http RequestUtilTest: Convert to use Google Truth 2015-06-04 09:41:29 +09:00
gerrit-util-ssl Turn on many more Eclipse warnings, and fix them 2014-10-29 15:00:17 -07:00
gerrit-war Log4j: Add thread id in appender 2015-10-07 14:44:08 +02:00
lib Upgrade Codemirror to version 5.8 2015-11-05 10:23:22 +09:00
plugins Update cookbook plugin revision 2015-10-30 12:01:27 +09:00
ReleaseNotes Merge branch 'stable-2.11' 2015-10-16 17:14:25 +09:00
tools Buck: Fix SDM debug session 2015-10-25 10:22:29 +00:00
website/releases Update out of date hyperlinks 2015-06-17 22:38:13 +00:00
.buckconfig Disentangle BUCK caches for internally built and downloaded artifacts 2015-07-07 12:59:51 +02:00
.buckversion Buck: Upgrade to the latest version 2015-10-15 07:29:30 +00:00
.editorconfig Add basic EditorConfig 2015-03-03 07:12:16 +00:00
.gitignore Add .DS_Store to .gitignore 2015-11-05 11:06:52 -08:00
.gitmodules Add singleusergroup plugin 2013-11-09 07:45:00 +01:00
.mailmap Update mailmap 2015-04-08 07:50:41 +00:00
.pydevproject Update PyDev project to use Python 2.7 2014-10-02 15:16:44 +09:00
.watchmanconfig Watchman: Add buck-out dir to ignored directories 2014-08-21 07:32:37 +02:00
BUCK Make gerrit-acceptance-framework's artifacts match plugin's scheme 2015-09-29 10:57:20 +02:00
COPYING Initial project setup of Gerrit 2 2008-11-14 16:59:34 -08:00
INSTALL Remove Gerrit 1.x to 2.x import tools 2009-03-27 20:20:10 -07:00
README.md README: Update events information 2015-07-06 01:47:38 +00:00
SUBMITTING_PATCHES Update push URL in SUBMITTING_PATCHES 2012-03-29 00:57:14 -04:00
VERSION Set version to 2.12-SNAPSHOT 2015-02-23 02:53:20 +00:00

README.md

Gerrit Code Review

Gerrit is a code review and project management tool for Git based projects.

Objective

Gerrit makes reviews easier by showing changes in a side-by-side display, and allowing inline comments to be added by any reviewer.

Gerrit simplifies Git based project maintainership by permitting any authorized user to submit changes to the master Git repository, rather than requiring all approved changes to be merged in by hand by the project maintainer.

Documentation

For information about how to install and use Gerrit, refer to the documentation.

Source

Our canonical Git repository is located on googlesource.com. There is a mirror of the repository on Github.

Reporting bugs

Please report bugs on the issue tracker.

Contribute

Gerrit is the work of hundreds of contributors. We appreciate your help!

Please read the contribution guidelines.

Note that we do not accept Pull Requests via the Github mirror.

Getting in contact

The IRC channel on freenode is #gerrit. An archive is available at: echelog.com.

The Developer Mailing list is repo-discuss on Google Groups.

License

Gerrit is provided under the Apache License 2.0.

Build

Install Buck and run the following:

    git clone --recursive https://gerrit.googlesource.com/gerrit
    cd gerrit && buck build all

Install binary packages (Deb/Rpm)

The instruction how to configure GerritForge/BinTray repositories is here

On Debian/Ubuntu run:

    apt-get update & apt-get install gerrit=<version>-<release>

NOTE: release is a counter that starts with 1 and indicates the number of packages that have been released with the same version of the software.

On CentOS/RedHat run:

    yum clean all && yum install gerrit-<version>[-<release>]

NOTE: release is optional. Last released package of the version is installed if the release number is omitted.

Events

  • November 7-8 2015: Gerrit User Conference, Mountain View. (Register).
  • November 9-13 2015: Gerrit Hackathon, Mountain View. (Invitation Only).
  • March 2016: Gerrit Hackathon, Berlin. (Details to be confirmed).