{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":616395089,"defaultBranch":"main","name":"himari","ownerLogin":"sorah","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2023-03-20T10:01:53.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/29440?v=4","public":true,"private":false,"isOrgOwned":false},"refInfo":{"name":"","listCacheKey":"v0:1715370005.0","currentOid":""},"activityList":{"items":[{"before":"f482e98ac7bc803c2bb330d75a8f8ec44619f911","after":"a2671c1a6fe9d9bb7f8db04e9cff03bef3427fda","ref":"refs/heads/main","pushedAt":"2024-05-11T01:21:17.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"make rack-cors available in lambda image","shortMessageHtmlLink":"make rack-cors available in lambda image"}},{"before":null,"after":"1209ab0834e38a7264e520a86efdb95b2c957f27","ref":"refs/heads/fix-jsoncsrf-alb-oidc","pushedAt":"2024-05-10T19:40:05.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"Disable Rack::Protection::JsonCsrf\n\nAWS ALB seems to propagate user-agent originated request headers\non its `/oauth2/idpresponse` to a request sent to OP's userinfo\nendpoint (what??). I confirmed the userinfo endpoint receives:\n`referer`, `sec-ch-*`, `sec-fetch-*`, `accept-language` and other\nheaders.\n\n[Rack::Protection::JsonCsrf][] checks when a request is coming from 3rd\nparty origin (by `referer` and `origin` header) and prevent JSON\nresponse to be returned to protect from the attack known as JSON\nhijacking.\n\nThe attack works with script HTML element to load JSON document and\ncapture with overridden prototype.\n\nThe attack is now mitigated by: using [`x-content-type-options: nosniff`][],\nand many additional efforts [bugzil.la/376957][] were done in 10+ years ago.\n\nWe can say it is safe in modern browsers thus disabling the protection.\n\n[Rack::Protection::JsonCsrf]: https://github.com/sinatra/sinatra/blob/main/rack-protection/lib/rack/protection/json_csrf.rb\n[`x-content-type-options: nosniff`]: https://fetch.spec.whatwg.org/#determine-nosniff\n[bugzil.la/376957]: https://bugzilla.mozilla.org/show_bug.cgi?id=376957","shortMessageHtmlLink":"Disable Rack::Protection::JsonCsrf"}},{"before":null,"after":"152e55b729cae2921d69f3e92afec17b476ecb54","ref":"refs/heads/handle","pushedAt":"2024-05-10T19:40:05.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"make token handle no longer a sensitive value\n\nexpose in logs to ease manual revocation.\n\nhttps://github.com/sorah/himari/issues/3","shortMessageHtmlLink":"make token handle no longer a sensitive value"}},{"before":null,"after":"68db2721c05646741e3cb79feb208937241ac405","ref":"refs/heads/omniauth-himari","pushedAt":"2024-05-10T19:40:05.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"omniauth-himari: docs","shortMessageHtmlLink":"omniauth-himari: docs"}},{"before":null,"after":"cd0aea82600425b4cdd058c2faf5e3b3e985db96","ref":"refs/heads/prompt-login","pushedAt":"2024-05-10T19:40:05.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"font-family tweak","shortMessageHtmlLink":"font-family tweak"}},{"before":null,"after":"dfddb412a5f00154c8f9e233585a1a3ee6cd7725","ref":"refs/heads/session-in-storage","pushedAt":"2024-05-10T19:40:05.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"dynamodb_storage: consistent read by default","shortMessageHtmlLink":"dynamodb_storage: consistent read by default"}},{"before":"95181cf11ca6d6a492210682c351e1d2dac8c1fa","after":"f482e98ac7bc803c2bb330d75a8f8ec44619f911","ref":"refs/heads/main","pushedAt":"2024-05-10T19:39:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"releng himari/0.5.0","shortMessageHtmlLink":"releng himari/0.5.0"}},{"before":"2dce949944e2455312986cdb80e01a1c6f8d0800","after":"95181cf11ca6d6a492210682c351e1d2dac8c1fa","ref":"refs/heads/main","pushedAt":"2024-05-10T19:29:10.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"test against 3.2 and 3.3","shortMessageHtmlLink":"test against 3.2 and 3.3"}},{"before":"1c37f536b036da859588fd96695d1d8073c413da","after":"2dce949944e2455312986cdb80e01a1c6f8d0800","ref":"refs/heads/main","pushedAt":"2024-05-10T19:27:59.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"Client#require_pkce","shortMessageHtmlLink":"Client#require_pkce"}},{"before":"44bc40b9fe8634dfc01f3f500c5a55ba3b1e789b","after":"1c37f536b036da859588fd96695d1d8073c413da","ref":"refs/heads/main","pushedAt":"2023-08-26T03:43:49.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"include aud claim in userinfo endpoint","shortMessageHtmlLink":"include aud claim in userinfo endpoint"}},{"before":"811ba96a31f8c24899878ae591efad3132ac0823","after":"44bc40b9fe8634dfc01f3f500c5a55ba3b1e789b","ref":"refs/heads/main","pushedAt":"2023-03-29T00:56:53.415Z","pushType":"push","commitsCount":1,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"lambda: roll ruby3.2 container base image","shortMessageHtmlLink":"lambda: roll ruby3.2 container base image"}},{"before":"b9f37c9c05e06d52a1ce1a71e5e9fa788287d9af","after":"811ba96a31f8c24899878ae591efad3132ac0823","ref":"refs/heads/main","pushedAt":"2023-03-26T08:40:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"releng himari/v0.4.0, omniauth-himari/v0.2.0","shortMessageHtmlLink":"releng himari/v0.4.0, omniauth-himari/v0.2.0"}},{"before":"cd0aea82600425b4cdd058c2faf5e3b3e985db96","after":null,"ref":"refs/heads/prompt-login","pushedAt":"2023-03-26T08:38:26.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"}},{"before":"e08fdc0902231b1c7f5996c964439de0e5391b82","after":"b9f37c9c05e06d52a1ce1a71e5e9fa788287d9af","ref":"refs/heads/main","pushedAt":"2023-03-26T08:38:24.000Z","pushType":"pr_merge","commitsCount":4,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"Merge pull request #8 from sorah/prompt-login\n\nSupport prompt=login","shortMessageHtmlLink":"Merge pull request <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1640822560\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sorah/himari/issues/8\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sorah/himari/pull/8/hovercard\" href=\"https://github.com/sorah/himari/pull/8\">#8</a> from sorah/prompt-login"}},{"before":null,"after":"cd0aea82600425b4cdd058c2faf5e3b3e985db96","ref":"refs/heads/prompt-login","pushedAt":"2023-03-26T08:38:09.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"font-family tweak","shortMessageHtmlLink":"font-family tweak"}},{"before":"4681f101c0998c4da401cafa6a4b3079d780c5d0","after":"e08fdc0902231b1c7f5996c964439de0e5391b82","ref":"refs/heads/main","pushedAt":"2023-03-26T03:54:22.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"releng omniauth-himari/v0.1.1","shortMessageHtmlLink":"releng omniauth-himari/v0.1.1"}},{"before":"6d20cbc1701f903a986aaebd43dd277ce19d7b28","after":"4681f101c0998c4da401cafa6a4b3079d780c5d0","ref":"refs/heads/main","pushedAt":"2023-03-23T21:44:37.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"omniauth-himari: missing direct dependency on jwt gem","shortMessageHtmlLink":"omniauth-himari: missing direct dependency on jwt gem"}},{"before":"544cbddafae6e92a5949435a44704fd40d971702","after":"6d20cbc1701f903a986aaebd43dd277ce19d7b28","ref":"refs/heads/main","pushedAt":"2023-03-23T21:39:46.000Z","pushType":"push","commitsCount":2,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"fix error when log expired session token","shortMessageHtmlLink":"fix error when log expired session token"}},{"before":"dfddb412a5f00154c8f9e233585a1a3ee6cd7725","after":null,"ref":"refs/heads/session-in-storage","pushedAt":"2023-03-23T21:01:39.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"}},{"before":"25034d8555e8da9af56c295e3bcd00907ff9efeb","after":"544cbddafae6e92a5949435a44704fd40d971702","ref":"refs/heads/main","pushedAt":"2023-03-23T21:01:34.000Z","pushType":"pr_merge","commitsCount":7,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"Merge pull request #7 from sorah/session-in-storage\n\nSession in storage","shortMessageHtmlLink":"Merge pull request <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1638318103\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sorah/himari/issues/7\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sorah/himari/pull/7/hovercard\" href=\"https://github.com/sorah/himari/pull/7\">#7</a> from sorah/session-in-storage"}},{"before":null,"after":"dfddb412a5f00154c8f9e233585a1a3ee6cd7725","ref":"refs/heads/session-in-storage","pushedAt":"2023-03-23T21:00:30.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"dynamodb_storage: consistent read by default","shortMessageHtmlLink":"dynamodb_storage: consistent read by default"}},{"before":"87190891120a77315a59fad7118c6ee5e907a3ce","after":"25034d8555e8da9af56c295e3bcd00907ff9efeb","ref":"refs/heads/main","pushedAt":"2023-03-23T19:35:46.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"roll apigatewayv2_rack 0.2.0","shortMessageHtmlLink":"roll apigatewayv2_rack 0.2.0"}},{"before":"24be9fc9f78ec8e3f07396e4ae0bc28e20ca9a79","after":"4dd61e1535b221b98661e31bb47567b0e5b1ffb4","ref":"refs/heads/test","pushedAt":"2023-03-23T19:26:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"roll","shortMessageHtmlLink":"roll"}},{"before":"d47f03ffcaf5f45efb66d1380103bc63fa0ef82b","after":"24be9fc9f78ec8e3f07396e4ae0bc28e20ca9a79","ref":"refs/heads/test","pushedAt":"2023-03-23T19:20:15.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"roll","shortMessageHtmlLink":"roll"}},{"before":"6306ca360cd0971e19189819da5255f65f19cf22","after":"d47f03ffcaf5f45efb66d1380103bc63fa0ef82b","ref":"refs/heads/test","pushedAt":"2023-03-23T19:19:31.000Z","pushType":"force_push","commitsCount":0,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"apigatewayv2_rack git","shortMessageHtmlLink":"apigatewayv2_rack git"}},{"before":"5f1df9caacf6a875954bb9e8216c4d95ba6b21dc","after":"87190891120a77315a59fad7118c6ee5e907a3ce","ref":"refs/heads/main","pushedAt":"2023-03-23T18:35:34.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":".github/FUNDING.yml","shortMessageHtmlLink":".github/FUNDING.yml"}},{"before":"d2efd782bb32278245a647de1348b30044d19eed","after":"5f1df9caacf6a875954bb9e8216c4d95ba6b21dc","ref":"refs/heads/main","pushedAt":"2023-03-23T18:33:01.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"lambda: copy omniauth-himari","shortMessageHtmlLink":"lambda: copy omniauth-himari"}},{"before":"68db2721c05646741e3cb79feb208937241ac405","after":null,"ref":"refs/heads/omniauth-himari","pushedAt":"2023-03-23T18:25:57.000Z","pushType":"branch_deletion","commitsCount":0,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"}},{"before":"9bd1b797ff0850a08bde532495de1f4a126e7d92","after":"d2efd782bb32278245a647de1348b30044d19eed","ref":"refs/heads/main","pushedAt":"2023-03-23T18:25:54.000Z","pushType":"pr_merge","commitsCount":5,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"Merge pull request #6 from sorah/omniauth-himari\n\nOmniAuth::Strategies::Himari","shortMessageHtmlLink":"Merge pull request <a class=\"issue-link js-issue-link\" data-error-text=\"Failed to load title\" data-id=\"1638072782\" data-permission-text=\"Title is private\" data-url=\"https://github.com/sorah/himari/issues/6\" data-hovercard-type=\"pull_request\" data-hovercard-url=\"/sorah/himari/pull/6/hovercard\" href=\"https://github.com/sorah/himari/pull/6\">#6</a> from sorah/omniauth-himari"}},{"before":null,"after":"68db2721c05646741e3cb79feb208937241ac405","ref":"refs/heads/omniauth-himari","pushedAt":"2023-03-23T18:21:14.000Z","pushType":"branch_creation","commitsCount":0,"pusher":{"login":"sorah","name":"Sorah Fukumori","path":"/sorah","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/29440?s=80&v=4"},"commit":{"message":"omniauth-himari: docs","shortMessageHtmlLink":"omniauth-himari: docs"}}],"hasNextPage":true,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAERwfnswA","startCursor":null,"endCursor":null}},"title":"Activity · sorah/himari"}