Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Review csrf and jwt tokens usage #2131

Closed
Zejnilovic opened this issue Sep 19, 2022 · 1 comment · Fixed by #2142
Closed

Review csrf and jwt tokens usage #2131

Zejnilovic opened this issue Sep 19, 2022 · 1 comment · Fixed by #2142
Assignees
@jakipatryk
Labels
Menas Menas component affected priority: undecided Undecided priority to be assigned after discussion refactoring Improving code quality, paying off tech debt, aligning API, cleanup of unused code security Relates to application security

Comments

@Zejnilovic
Copy link
Contributor

Background

Moving to one big pipeline, we will have to have a proper and well-done Login mechanism.

Feature

  • Review csrf and jwt tokens usage
  • Change what is needed
@Zejnilovic Zejnilovic added refactoring Improving code quality, paying off tech debt, aligning API, cleanup of unused code Menas Menas component affected security Relates to application security priority: undecided Undecided priority to be assigned after discussion labels Sep 19, 2022
jakipatryk added a commit that referenced this issue Oct 19, 2022
@jakipatryk
#2131 Remove CSRF token usage
f546e44
jakipatryk added a commit that referenced this issue Oct 19, 2022
@jakipatryk
#2131 Remove setting JWT to cookie on frontend manually
6e061e3
@jakipatryk jakipatryk mentioned this issue Oct 19, 2022
Merged
miroslavpojer added a commit that referenced this issue Oct 20, 2022
@miroslavpojer
#2131 Review csrf and jwt tokens usage
3e5d119 
- Removed CSRF token from endpoint call headers.
jakipatryk added a commit that referenced this issue Nov 8, 2022
@jakipatryk @miroslavpojer
#2131 Remove CSRF token and JWT in cookies (#2142)
d1ad603 
* #2131 Remove CSRF token usage

* #2131 Remove setting JWT to cookie on frontend manually

* #2131 Review csrf and jwt tokens usage
- Removed CSRF token from endpoint call headers.

Co-authored-by: AB024LL <miroslav.pojer@absa.africa>
Co-authored-by: miroslavpojer <109138042+miroslavpojer@users.noreply.github.com>
@jakipatryk
Copy link
Collaborator

Release notes
Usage of CSRF token and manually persisting JWT in cookies on frontend side has been removed.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@jakipatryk jakipatryk

Labels
Menas Menas component affected priority: undecided Undecided priority to be assigned after discussion refactoring Improving code quality, paying off tech debt, aligning API, cleanup of unused code security Relates to application security
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

#2131 Remove CSRF token and JWT in cookies AbsaOSS/enceladus
2 participants
@Zejnilovic @jakipatryk