New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
fix(oidc): form post csp not set correctly #7017
Conversation
This fixes an issue where the Content Security Policy was not set correctly in all situations.
ArtifactsThese changes are published for testing on Buildkite, DockerHub and GitHub Container Registry. Docker Container
|
WalkthroughThe recent update focuses on refining the process of handling OpenID Connect authorization requests. It involves reordering the operation sequence to ensure the Changes
Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media? TipsChatThere are 3 ways to chat with CodeRabbit:
Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments. CodeRabbit Commands (invoked as PR comments)
Additionally, you can add CodeRabbit Configration File (
|
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## master #7017 +/- ##
==========================================
+ Coverage 73.36% 73.40% +0.03%
==========================================
Files 345 345
Lines 29724 29726 +2
Branches 839 839
==========================================
+ Hits 21808 21819 +11
+ Misses 7045 7039 -6
+ Partials 871 868 -3
Flags with carried forward coverage won't be shown. Click here to find out more.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
requester, err = ctx.Providers.OpenIDConnect.NewAuthorizeRequest(ctx, r) | ||
|
||
if requester != nil && requester.GetResponseMode() == oidc.ResponseModeFormPost { | ||
ctx.SetUserValue(middlewares.UserValueKeyOpenIDConnectResponseModeFormPost, true) | ||
} |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The adjustment to check for the FormPost
response mode before proceeding with error handling is a logical improvement. It ensures that the CSP is set correctly by identifying the response mode early. However, it's noted that these lines were not covered by tests.
Consider adding unit tests to cover this new logic path to ensure it behaves as expected under various conditions.
This fixes an issue where the Content Security Policy was not set correctly in all situations.
Summary by CodeRabbit