Anti-CSRF Handling should always account for partial matching #8283

Merged
merged 2 commits into from
Jan 5, 2024

kingthorin
Member

@kingthorin kingthorin commented Jan 4, 2024

  • ExtensionAntiCSRF - Ensure public method always accounts for partial matching.
  • ExtensionAntiCSRFUnitTest - Add a method to assert the behavior.

Related to:

- ExtensionAntiCSRF - Ensure public method always accounts for partial
matching.
- ExtensionAntiCSRFUnitTest - Add a method to assert the behavior.

Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>
@kingthorin
Member Author

Testing tweaked.

@kingthorin
Member Author

Also I noticed one of the constants in the test class is misspelled, which I'm happy to correct here or another PR.

UNKOWN_TOKEN → UNKNOWN_TOKEN (missing N in known).

@thc202
Member

thc202 commented Jan 4, 2024

Fine here in a separate commit?

@kingthorin
Member Author

Sure

Signed-off-by: kingthorin <kingthorin@users.noreply.github.com>
@thc202
Member

thc202 commented Jan 4, 2024

Thank you!

@psiinon psiinon merged commit 929db1e into zaproxy:main Jan 5, 2024
9 checks passed
@kingthorin kingthorin deleted the csrf-partial branch January 5, 2024 12:04

github-actions bot commented Apr 5, 2024

This PR has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.

@github-actions github-actions bot locked and limited conversation to collaborators Apr 5, 2024