Closed pushyamig closed 6 months ago
Tested Course Rename Create section Create external user (single and Bulk) Enroll Users To course section Unmerge sections Merge Sections Deleted the Canvas API token, re-authenticate and tested course rename
@ktowneUM you moved the issue to Dev/QA
after testing, did you mean to move it to Done
?
There is some developer only testing in the test plan I can't do
Dev test plan was provided is for when reviewing PR and checking that. I think it is already taken care so I will move the issue to Done column
This package is deprecated and need to replace with a new one. We have chosen to us Double CSRF Package Here is some of the reading and recommendation on this
https://dev-academy.com/csurf-vulnerability/ https://security.stackexchange.com/questions/271190/secure-alternative-to-csurf-npm-package https://github.com/expressjs/csurf
Test Plan:
Function Point of View
Developer Only Testing: All the above testing and all things listed below. This needs to be done during the PR review
ccm_web/client/src/api.ts
and see the Backend handles missing CSRF token properly