Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: OpenAPI plugins send CSRF request header #3754

Merged
merged 4 commits into from
Sep 22, 2024
Merged

feat: OpenAPI plugins send CSRF request header #3754

merged 4 commits into from
Sep 22, 2024

Conversation

floxay
Copy link
Contributor

@floxay floxay commented Sep 21, 2024

Supported OpenAPI UI clients will extract the CSRF cookie value and attach it to the request headers if CSRF is enabled on the application.

  • Swagger
  • RapiDoc
  • Scalar
  • Redoc
  • Stoplight Elements

Scalar (scalar/scalar#2810), Redoc and (Stoplight) Elements does not seem to support interceptors or some other mechanism to achieve this.

Currently it also sends the header on "safe" methods but for both currently supported UI clients (Swagger and RapiDoc) it's possible to limit this to "unsafe" methods only, if required.

@codecov Codecov
Copy link

codecov bot commented Sep 21, 2024
edited
Loading

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 98.35%. Comparing base (88c313c) to head (134a6ff).
Report is 1 commits behind head on main.

Additional details and impacted files 
@@           Coverage Diff           @@
##             main    #3754   +/-   ##
=======================================
  Coverage   98.35%   98.35%           
=======================================
  Files         331      331           
  Lines       15277    15287   +10     
  Branches     2445     2447    +2     
=======================================
+ Hits        15025    15035   +10     
  Misses        112      112           
  Partials      140      140

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

@floxay floxay force-pushed the openapi-plugins-csrf branch from 9c4cd34 to 59c219f Compare September 22, 2024 00:45
@github-actions GitHub Actions
Copy link

Documentation preview will be available shortly at https://litestar-org.github.io/litestar-docs-preview/3754

@floxay floxay marked this pull request as ready for review September 22, 2024 15:14
@floxay floxay requested review from a team as code owners September 22, 2024 15:14
cofin
cofin approved these changes Sep 22, 2024
View reviewed changes
Copy link
Member

@cofin cofin left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for these changes!

@cofin cofin merged commit 5f01bb9 into litestar-org:main Sep 22, 2024
25 checks passed
@cofin
Copy link
Member

cofin commented Sep 22, 2024

@all-contributors add @floxay for code and tests

@allcontributors allcontributors bot mentioned this pull request Sep 22, 2024
Merged
@allcontributors AllContributors
Copy link
Contributor

@cofin

I've put up a pull request to add @floxay! 🎉

@floxay floxay deleted the openapi-plugins-csrf branch September 22, 2024 19:45
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@cofin cofin cofin approved these changes

Assignees
No one assigned
Labels
pr/external size: small Triage Required 🏥 This requires triage type/feat
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@floxay @cofin