[1.9.0rc2] Auth workflow fails due to CSRF cookie not being set #4755

foosel · 2023-03-09T09:34:02Z

The auth workflow from the appkeys plugin fails if the user is logged in/has a remember me cookie set, but no CSRF cookie is already present:

If the user is not yet logged in and no remember me cookie is present, going through the login dialog first covers up the issue.

It looks like the workflow isn't setting the CSRF cookie on template rendition, like login dialog and core UI do, so that needs to be looked into.

Fixes #4755

foosel · 2023-03-09T10:51:26Z

Fix ready for 1.9.0rc3

foosel · 2023-03-22T13:22:58Z

1.9.0rc3 is out.

foosel added the bug Issue describes a bug label Mar 9, 2023

foosel self-assigned this Mar 9, 2023

foosel mentioned this issue Mar 9, 2023

[RC Feedback] Feedback on the 1.9.0rc2 Release Candidate #4750

Closed

foosel added a commit that referenced this issue Mar 9, 2023

🐛 Add CSRF cookie on standalone appkeys dialog

0ce7930

Fixes #4755

foosel added the done Done but not yet released label Mar 9, 2023

foosel closed this as completed Mar 22, 2023

github-actions bot locked as resolved and limited conversation to collaborators Mar 22, 2024

Provide feedback