Slava Semushin
We should use the new datetime API from Java 8 instead (`LocalDateTime`). Depends on: - [ ] #930 - [ ] #931 - [ ] #933 - [ ] #1032 - [...
We need to update the sources to use https where possible and activate an additional CheckStyle check for that. Details: - https://spring.io/blog/2019/06/10/announcing-nohttp - https://github.com/spring-io/nohttp - https://github.com/spring-io/nohttp/tree/master/nohttp-checkstyle I also have a draft...
We should cover all 4 cases. Tech debt for: 27794314f13572da7a59f418befeab1d32003b01 (#519)
To prevent possible errors during refactorings like the one we're doing in #455, it would be good to have tests that check that all resources that we serve are available (have...
After applying the fix for CVE-2016-5007 (see 10a7f23efb1a5c8307154ec0d9818fb0102c4ddf), we should also add integration tests to ensure that, for example, an unauthorized user can't access `/series/add` by changing the URL to `/series/add/` or `/series/add.html`
All forms that `POST` data must have a field with a CSRF token.
We should check that at least the following pages are gzip-ed: - index page - `robots.txt` - `sitemap.xml` - `main.css` - `CatalogUtils.js` Tech debt for: 8a0a66cb58ff79c926bf9729d22112388184054a
We should test that Jetty doesn't show its version in `Server` header. Technical debt for: 9a82682d47ed67a58fdd25fb192a41bd51c0a1f9
We should test that the IP address in the `suspicious_activities` table isn't `127.0.0.1` when Jetty is working behind a proxy server. Technical debt for: 9a82682
Our server always sets the `httpOnly` flag on cookies. I want to have a test for it. One of the possible ways: https://github.com/Orange-OpenSource/hurl#testing-set-cookie-attributes