Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: update csurf -> csrf-csrf #290

Merged
merged 8 commits into from
Sep 18, 2023
Merged

feat: update csurf -> csrf-csrf #290

merged 8 commits into from
Sep 18, 2023

Conversation

Benehiko
Copy link
Contributor

@Benehiko Benehiko commented Sep 11, 2023
edited
Loading

Replaces csurf with csrf-csrf. https://www.npmjs.com/package/csrf-csrf

I have also updated the Ory client to the latest version.

Since this is a change in security related packages concerning CSRF protection on the consent endpoint, could you take a look @hperl?

Related Issue or Design Document

Checklist

  • I have read the contributing guidelines and signed the CLA.
  • I have referenced an issue containing the design document if my change introduces a new feature.
  • I have read the security policy.
  • I confirm that this pull request does not address a security vulnerability.
    If this pull request addresses a security vulnerability,
    I confirm that I got approval (please contact security@ory.sh) from the maintainers to push the changes.
  • I have added tests that prove my fix is effective or that my feature works.
  • I have added the necessary documentation within the code base (if appropriate).

Further comments

Benehiko
Benehiko commented Sep 11, 2023
View reviewed changes
src/routes/consent.ts Outdated Show resolved Hide resolved
src/routes/consent.ts Outdated Show resolved Hide resolved
@Benehiko Benehiko force-pushed the chore-package-updates branch 2 times, most recently from d79a0da to ce5d0d4 Compare September 13, 2023 16:01
alnr
alnr reviewed Sep 14, 2023
View reviewed changes
src/routes/consent.ts Outdated Show resolved Hide resolved
alnr
alnr reviewed Sep 14, 2023
View reviewed changes
README.md Outdated Show resolved Hide resolved
@Benehiko Benehiko marked this pull request as ready for review September 14, 2023 15:05
@Benehiko Benehiko self-assigned this Sep 14, 2023
jonas-jonas
jonas-jonas reviewed Sep 15, 2023
View reviewed changes
Copy link
Member

@jonas-jonas jonas-jonas left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This looks very good, and I might be able to use this lib as well. Looks like it's very versatile. Also, very nice updates to the README.

Have just a few nits.

src/routes/consent.ts Show resolved Hide resolved
src/routes/consent.ts Show resolved Hide resolved
src/routes/consent.ts Outdated Show resolved Hide resolved
src/routes/consent.ts Outdated Show resolved Hide resolved
@aeneasr aeneasr merged commit 768fafd into master Sep 18, 2023
8 checks passed
@aeneasr aeneasr deleted the chore-package-updates branch September 18, 2023 07:51
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jonas-jonas jonas-jonas jonas-jonas left review comments

@aeneasr aeneasr aeneasr approved these changes

@hperl hperl Awaiting requested review from hperl

@zepatrik zepatrik Awaiting requested review from zepatrik

@alnr alnr Awaiting requested review from alnr

Assignees

@Benehiko Benehiko

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@Benehiko @aeneasr @alnr @jonas-jonas