Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CSRF protection to Omniauth requests #3840

Merged
merged 1 commit into from
Jan 28, 2020
Merged

Add CSRF protection to Omniauth requests #3840

merged 1 commit into from
Jan 28, 2020

Conversation

javierm
Copy link
Member

@javierm javierm commented Nov 9, 2019

References

Objectives

  • Use POST requests to Omniauth services in order to protect against CSRF

@javierm javierm added the security Pull requests that address a security vulnerability label Nov 9, 2019
@javierm javierm self-assigned this Nov 9, 2019
@javierm javierm added this to Reviewing in Roadmap via automation Nov 9, 2019
@javierm javierm moved this from Reviewing to Testing in Roadmap Nov 9, 2019
@javierm javierm mentioned this pull request Nov 9, 2019
Closed
@javierm javierm force-pushed the omniauth_csrf branch 3 times, most recently from 51d5f64 to bae14bd Compare November 14, 2019 13:40
@javierm javierm force-pushed the omniauth_csrf branch 7 times, most recently from 4cf3920 to c181a65 Compare November 19, 2019 23:11
@javierm javierm merged commit 9bbed55 into master Jan 28, 2020
Roadmap automation moved this from Testing to Release 1.1.0 Jan 28, 2020
@javierm javierm deleted the omniauth_csrf branch January 28, 2020 11:52
@javierm javierm mentioned this pull request Mar 4, 2020
Merged
smarques pushed a commit to venetochevogliamo/consul that referenced this pull request Apr 29, 2020
@javierm
Merge pull request consuldemocracy#3840 from consul/omniauth_csrf
2230cff 
Add CSRF protection to Omniauth requests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@microweb10 microweb10 microweb10 approved these changes

Assignees

@javierm javierm

Labels
security Pull requests that address a security vulnerability
Projects
No open projects
Roadmap
  
Release 1.1.0
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
2 participants
@javierm @microweb10