-
-
Notifications
You must be signed in to change notification settings - Fork 928
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add csrf cookie for login flow submission #2454
Add csrf cookie for login flow submission #2454
Conversation
I have tested my change works after regenerated SDK for go, by forward cookie with |
Thank you very much, I added the rest of them here: :) |
Hello @vizv |
Related issue(s)
#2003 (comment) doesn't work without allowing SDK pass a CSRF cookie, however I only fixed endpoint for login, but they are the similar issues.
Checklist
introduces a new feature.
contributing code guidelines.
vulnerability. If this pull request addresses a security. vulnerability, I
confirm that I got green light (please contact
security@ory.sh) from the maintainers to push
the changes.
works.
Further Comments
I can understand it's not recommend to use Go SDK to proxy the request, and login flow submit HTTP API is not stable yet, so feel free to reject this PR. However please remove browser login flow for SDK since it's broken right now (without passing CSRF cookie, the CSRF token will be rejected anyway).