Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

core: http - xsrf #115

Closed
dsebastien opened this issue Mar 2, 2018 · 1 comment · Fixed by #708
Closed

core: http - xsrf #115

dsebastien opened this issue Mar 2, 2018 · 1 comment · Fixed by #708
Labels
comp: stark-core Stark Core must P1 security type: feature
Projects
10.0.0-beta.0
Milestone
10.0.0-beta.0

Comments

@dsebastien
Copy link
Contributor

In Stark "v1" we customized the $httpProvider to set the cookieName, headerName and our interceptor.
We need the same features with the new version.

Also, we should try and avoid enforcing "withCredentials: true" all the time :)
@dsebastien dsebastien added this to the must milestone Mar 2, 2018
@dsebastien dsebastien added the comp: stark-core Stark Core label Mar 2, 2018
@christophercr christophercr mentioned this issue Jul 4, 2018
Merged
3 tasks
@dsebastien dsebastien added the P2 label Aug 1, 2018
@christophercr christophercr self-assigned this Sep 14, 2018
@christophercr christophercr added this to To do in 10.0.0-beta.0 via automation Sep 14, 2018
@christophercr christophercr modified the milestones: must, 10.0.0-alpha.6 Sep 14, 2018
@christophercr christophercr added P1 and removed P2 labels Sep 14, 2018
christophercr referenced this issue in christophercr/stark Sep 14, 2018
@christophercr
feat(stark-core): implement XSRF protection in Stark Http module
43fb4ab 
ISSUES CLOSED: #115
christophercr referenced this issue in christophercr/stark Sep 17, 2018
@christophercr
feat(stark-core): implement XSRF protection in Stark Http module
f2abbc7 
ISSUES CLOSED: #115
@christophercr christophercr moved this from To do to In progress in 10.0.0-beta.0 Sep 19, 2018
christophercr referenced this issue in christophercr/stark Sep 20, 2018
@christophercr
feat(stark-core): implement XSRF protection in Stark Http module
563cca6 
ISSUES CLOSED: #115
christophercr referenced this issue in christophercr/stark Sep 21, 2018
@christophercr
feat(stark-core): implement XSRF protection in Stark Http module
40e09b5 
ISSUES CLOSED: #115
christophercr referenced this issue in christophercr/stark Sep 21, 2018
@christophercr
feat(stark-core): implement Stark XSRF module
32fdd4a 
ISSUES CLOSED: #115
christophercr referenced this issue in christophercr/stark Sep 21, 2018
@christophercr
feat(stark-core): implement Stark XSRF module
419c7c8 
ISSUES CLOSED: #115
@christophercr christophercr mentioned this issue Sep 21, 2018
Merged
3 tasks
@christophercr
Copy link
Collaborator

christophercr commented Sep 21, 2018
edited
Loading

Apparently the withCredentials: true should be added to all HTTP requests otherwise the browser will not accept the XSRF cookie received from the backend :s

christophercr referenced this issue in christophercr/stark Sep 24, 2018
@christophercr
feat(stark-core): implement Stark XSRF module
f61defe 
ISSUES CLOSED: #115
christophercr referenced this issue in christophercr/stark Sep 26, 2018
@christophercr
feat(stark-core): implement Stark XSRF module
fc071b5 
ISSUES CLOSED: #115
christophercr referenced this issue in christophercr/stark Sep 26, 2018
@christophercr
feat(stark-core): implement Stark XSRF module
e82ed0d 
ISSUES CLOSED: #115
10.0.0-beta.0 automation moved this from In progress to Done Sep 26, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
comp: stark-core Stark Core must P1 security type: feature
Projects
No open projects
10.0.0-beta.0
  
Done
Milestone
10.0.0-beta.0
Development

Successfully merging a pull request may close this issue.

feat(stark-core): implement Stark XSRF module christophercr/stark
2 participants
@dsebastien @christophercr