Resolve Frontend CSRF/Credentials Management Findings (CRASM-730, 732) #650

Open: wants to merge 5 commits into base: develop

@hawkishpolicy (Collaborator) commented Sep 27, 2024

🗣 Description

  • Added "noopener noreferrer" to external links detailed in ST&E Report.
  • Deleted RSCAuthLoginCreate.tsx, RSCRegisterForm.tsx, RSCregisterFormStyle.ts
  • Removed RSCAuthLoginCreate from App.tsx and the route for it.
  • Added placeholder text to RSCLogin.tsx with linked to-do.

💭 Motivation and context

🧪 Testing

✅ Pre-approval checklist

  • This PR has an informative and human-readable title.
  • Changes are limited to a single goal - eschew scope creep!
  • All future TODOs are captured in issues, which are referenced
    in code comments.
  • All relevant type-of-change labels have been added.
  • I have read the CONTRIBUTING document.
  • These code changes follow cisagov code standards.
  • All new and existing tests pass.

✅ Pre-merge checklist

  • Revert dependencies to default branches.
  • Finalize version.

✅ Post-merge checklist

  • Create a release.

- Added rel="noopener noreferrer" to external links flagged in ST&E report.
…nd-cross-site-request-forgery-findings-crasm-730
@hawkishpolicy added the security and frontend labels Sep 27, 2024
@hawkishpolicy self-assigned this Sep 27, 2024
- Deleted RSCAuthLoginCreate.tsx, RSCRegisterForm.tsx, RSCregisterFormStyle.ts
- Removed RSCAuthLoginCreate from App.tsx and the route for it.
- Added placeholder text to RSCLogin.tsx with linked to-do.
@hawkishpolicy marked this pull request as ready for review September 30, 2024 20:18
@hawkishpolicy changed the title from "Resolve Frontend CSRF Findings (CRASM-730)" to "Resolve Frontend CSRF/Credentials Management Findings (CRASM-730, 732)" Sep 30, 2024
@hawkishpolicy marked this pull request as draft October 1, 2024 14:30
@hawkishpolicy marked this pull request as ready for review October 2, 2024 15:34

@Matthew-Grayson (Contributor) left a comment

Looks great!

@ameliav self-requested a review October 2, 2024 15:47

@ameliav (Contributor) left a comment

LGTM

Labels: frontend, security
Projects: None yet
3 participants