CSRF: support older token-based CSRF protection handler that want to render token into template#2894
Open
aldas wants to merge 1 commit intolabstack:masterfrom
Open
CSRF: support older token-based CSRF protection handler that want to render token into template#2894aldas wants to merge 1 commit intolabstack:masterfrom
aldas wants to merge 1 commit intolabstack:masterfrom
Conversation
…render token into template
Codecov Report✅ All modified and coverable lines are covered by tests. Additional details and impacted files@@ Coverage Diff @@
## master #2894 +/- ##
=======================================
Coverage 92.92% 92.92%
=======================================
Files 43 43
Lines 4480 4481 +1
=======================================
+ Hits 4163 4164 +1
Misses 197 197
Partials 120 120 ☔ View full report in Codecov by Sentry. 🚀 New features to boost your workflow:
|
4 tasks
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
I though I already merged this. I think #2876 got closed when I purged all old branches at my fork. I should not have deleted that branch as it was not merged yet
In case CSRF flow is using
Sec-Fetch-Siteheader but there is form still wanting to render CSRF token fields into form we can help them by setting dummy value to context that atleast something can be rendered into form. As we already know that this browser is able to sendSec-Fetch-Siteheader, we do not need to generate token value or deal with cookies.