Disable CSRF if the request has no cookies #515

Merged
merged 9 commits into from Jun 14, 2019

@ausi
Member

commented Jun 12, 2019

If there are no cookies:

  • Don’t send CSRF cookie
  • Remove existing CSRF cookies
  • Disable CSRF validation

  • Unit tests
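
The three rules listed above, as an added example that is not code from this pull request or from Contao: a framework-free sketch in Python, assuming a double-submit-cookie scheme. The `handle` function, the cookie and form field names, and the choice to count a lone CSRF cookie as "no cookies" are assumptions.

```python
import hmac
import secrets

CSRF_COOKIE = "csrf_token"   # assumed cookie name
FORM_FIELD = "_token"        # assumed form field name
UNSAFE = {"POST", "PUT", "PATCH", "DELETE"}


def handle(method, cookies, form):
    """Decide the CSRF outcome for one request.

    `cookies` and `form` are plain dicts standing in for a framework request.
    Returns (status, new_csrf_cookie_or_None, cookie_names_to_expire).
    """
    # Cookies other than the CSRF cookie are what could carry a session.
    # Counting a lone CSRF cookie as "no cookies" is an assumption made here.
    ambient = {k: v for k, v in cookies.items() if k != CSRF_COOKIE}

    if not ambient:
        # Nothing the browser attaches automatically identifies a user, so a
        # forged request gains nothing: skip validation, send no CSRF cookie,
        # and expire a stale one. Credentials sent outside cookies (for
        # example HTTP Basic auth) are not covered by this test.
        stale = [CSRF_COOKIE] if CSRF_COOKIE in cookies else []
        return 200, None, stale

    expected = cookies.get(CSRF_COOKIE, "")
    if method in UNSAFE:
        sent = form.get(FORM_FIELD, "")
        ok = bool(expected) and hmac.compare_digest(sent.encode(), expected.encode())
        return (200 if ok else 403), None, []

    # Safe request that carries cookies: issue a token if none exists yet.
    return 200, (None if expected else secrets.token_urlsafe(32)), []


if __name__ == "__main__":
    # Constructed sample requests.
    print(handle("POST", {}, {}))                                   # no cookies
    print(handle("POST", {"PHPSESSID": "s1", CSRF_COOKIE: "abc"}, {}))  # token missing
```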
@Toflar

Member

commented Jun 13, 2019

Approach looks correct to me 👍

@leofeyer leofeyer force-pushed the contao:master branch from 67bdc5c to d42ccf4 Jun 13, 2019

@ausi ausi changed the title [WIP] Disable CSRF if the request has no cookies Disable CSRF if the request has no cookies Jun 13, 2019

@ausi ausi marked this pull request as ready for review Jun 13, 2019

@ausi ausi requested a review from Toflar Jun 13, 2019

@Toflar
Toflar approved these changes Jun 13, 2019
Member

left a comment

Once again: Excellent work 🕺

@leofeyer leofeyer merged commit 4118d8f into contao:master Jun 14, 2019

3 checks passed

Travis CI - Pull Request Build Passed
continuous-integration/appveyor/pr AppVeyor build succeeded
coverage/coveralls Coverage decreased (-0.2%) to 87.391%
@leofeyer

Member

commented Jun 14, 2019

Thank you @ausi.
