Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Prep for release #40

Merged
merged 15 commits into from
Apr 23, 2022
Merged

Prep for release #40

merged 15 commits into from
Apr 23, 2022

Conversation

j0lvera
Copy link
Owner

@j0lvera j0lvera commented Apr 19, 2022
edited
Loading

This PR fixes a bunch of bugs. Adds a new example, and add some API documentation.

Also, adds an initial setup for integration and unit tests.

j0lvera and others added 14 commits September 15, 2020 14:38
@j0lvera
Update functionality, docs, and bug fixes
585086b 
The way Next.js works--with all its optimizations--doesn't allow to have
a token on the first render, we could do it with SSR, but that would
compromise the home page. Maybe doing it in a login page would be ideal.

We can't access the cookie from the client because it's saved in
an httpOnly cookie. For this reason, we can't do Double-submit cookie
pattern since we can't get the token from the cookie to add it to the
header. Again, we could add it with `getInitialProps` but we compromise
important optimizations.

So far, we are able to do Synchronizer Token Pattern and with the caveat
of doing a `/csrf` endpoint, the thing that the Understanding CSRF
document suggest against.
@j0lvera
Update example
4b82507 
The example now uses a SSR page to setup the token instead of calling a
API route.

Lock files are now in the .gitignore file.
@j0lvera
move csrf secret to env.local
ea58a4e
@j0lvera
example updates
1037a01
@j0lvera
update license and gitignore
81d6f1f
@j0lvera
fix merge conflicts
be91624
@j0lvera
Merge branch 'beta' into bug-fixes-documentation
525b0e3
@j0lvera
Merge pull request #6 from j0lv3r4/bug-fixes-documentation
7da5783 
Update functionality, docs, and bug fixes
@j0lvera
Setup e2e testing
ad4fd96 
Next.js maintainers recommend to use e2e for testing endpoints, to run a
Next.js app instance and send a request against the API route directly.

* vercel/next.js#15166 (reply in thread)

For running the webserver and running the e2e I decided to use
Playwright.

Also added yalc for managing local next-csrf as a dependency locally in the
example folder.
@j0lvera
fix conflicts
300583c
@j0lvera
working example
56dfc00
@j0lvera
WIP
55bd100
@j0lvera
fix integration test
1ee79af
@j0lvera
udpate readme
0cbd07e
@j0lvera j0lvera force-pushed the setup-integration-testing branch from 74c1711 to 0cbd07e Compare April 22, 2022 13:42
@j0lvera j0lvera changed the title Setup integration testing Prep for release Apr 22, 2022
@j0lvera j0lvera force-pushed the setup-integration-testing branch from d929204 to 5946f98 Compare April 22, 2022 14:06
@j0lvera j0lvera marked this pull request as ready for review April 23, 2022 04:39
@j0lvera j0lvera merged commit 45d5fce into main Apr 23, 2022
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@j0lvera