Revert "Add instructions for working around NoScript XSS upload problem" #4319
Conversation
Codecov Report
@@ Coverage Diff @@
## develop #4319 +/- ##
===========================================
- Coverage 84.63% 84.62% -0.02%
===========================================
Files 43 43
Lines 2785 2783 -2
Branches 304 304
===========================================
- Hits 2357 2355 -2
Misses 359 359
Partials 69 69
Continue to review full report at Codecov.
|
eloquence
requested review from
conorsch,
emkll,
heartsucker,
kushaldas,
msheiny and
redshiftzero
as code owners
securedrop/sass/_base.sass
Outdated
| @@ -71,10 +71,6 @@ | |||
| @import "modules/grid-item" | |||
| // Option - might be unused. Delete? | |||
| @import "modules/option" | |||
| // Flexbox - support for flexbox layouts | |||
| @import "modules/flexbox" | |||
There was a problem hiding this comment.
The flexbox module is used elsewhere, so needs to be kept. Not sure how it got swept up in the revert, as it was added in 4ae0c3f#diff-e95835e98013102be1f7b1c88d5505e0.
There was a problem hiding this comment.
If I remember correctly, the revert triggered a conflict; I must have accidentally removed it on resolution. Will amend.
eloquence
force-pushed
the
revert-noscript
branch
from
9fbc098
to
7f0586b
Compare
|
Looks good. I checked an instance of content that was misaligned without the flexbox module and it's fine now. |
There was a problem hiding this comment.
Went through the test plan as described:
-
Build updated staging environment
-
Connect to source interface using Tor browser version 8.0.8 or greater
-
Verify that "Scan uploads for potential cross-site requests" option (under "Advanced" NoScript settings) is not set. It should be unset by default.
-
Verify that NoScript instructions implemented in Remove NoScript workaround instructions from Source Interface #4160 no longer appear on source interface
-
Upload a test file of at least 75MB size repeatedly - I tried with files ranging from 76 to 120MB
-
make upgrade-start && make upgrade-test-localresults in reverted NoScript instruction changes.
One minor nit inline, but shouldn't block merge. Based on this and @rmol 's review above, LGTM
|
|
||
| <p>{{ gettext('Repeat steps 1-3 from above and re-check the setting. The setting has no effect while your Security Slider is set to "Safest", but we recommend enabling it during normal Tor usage.') }}</p> | ||
|
|
||
| <p><a href="/lookup">« {{ gettext('Back to submission page') }}</a></p> |
There was a problem hiding this comment.
This also reverts babc2f5 which explains the difference in diff line counts
Resolves #4160.
This reverts commit b355308 (and the dependent commit babc2f5).
Status
Ready for review
Test plan
Expected result:
Deployment
No special considerations. Tor browser includes the required fix as of version 8.0.8, which was also shipped with Tails 3.13.1, and which should auto-updated on most systems.
Checklist
make ci-lint) and tests (make -C securedrop test) pass in the development container