SameSite Config Option for Cookie #35

Closed
wants to merge 9 commits into from

JVickery-TBS
Contributor

Adds `ckanext.csrf_filter.same_site` config option which defaults to 'None' and uses it in setting the token cookie. Asserts the allowed values of 'Strict', 'Lax', and 'None'.

This should solve the issue: #28
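
The behaviour described in the PR summary above, as an added sketch that is not the PR's or the extension's own code: read `ckanext.csrf_filter.same_site`, reject anything other than the three allowed values, and emit the cookie attribute. The dict-like `config`, the function names, the `name` and `secure` parameters, case-insensitive matching and the Secure check are assumptions of this example; the last one reflects that browsers reject `SameSite=None` cookies that lack `Secure`.

```python
from http.cookies import SimpleCookie

CONFIG_KEY = "ckanext.csrf_filter.same_site"  # option name from the PR description
ALLOWED_SAME_SITE = ("Strict", "Lax", "None")  # allowed values from the PR description


def same_site_from_config(config):
    """Return the validated SameSite value; the PR states the default is 'None'."""
    raw = str(config.get(CONFIG_KEY, "None")).strip()
    # Assumption: accept any letter case in the config, emit canonical spelling.
    for allowed in ALLOWED_SAME_SITE:
        if raw.lower() == allowed.lower():
            return allowed
    raise ValueError(
        "%s must be one of %s, got %r" % (CONFIG_KEY, ALLOWED_SAME_SITE, raw)
    )


def build_token_cookie(config, token, name="token", secure=True):
    """Build a Set-Cookie header value for the token cookie.

    `name` and `secure` are hypothetical parameters of this sketch.
    """
    same_site = same_site_from_config(config)
    if same_site == "None" and not secure:
        # A SameSite=None cookie without Secure is dropped by current browsers,
        # which would surface as CSRF token failures on every request.
        raise ValueError("SameSite=None requires the Secure attribute")
    cookie = SimpleCookie()
    cookie[name] = token
    morsel = cookie[name]
    morsel["path"] = "/"
    morsel["samesite"] = same_site  # supported by http.cookies since Python 3.8
    if secure:
        morsel["secure"] = True
    return morsel.OutputString()


if __name__ == "__main__":
    # Constructed sample configs, not taken from a real deployment.
    for cfg in ({}, {CONFIG_KEY: "Lax"}, {CONFIG_KEY: "strict"}):
        print(build_token_cookie(cfg, "abc123"))
```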

ThrawnCA and others added 4 commits March 14, 2023 15:44
Develop to master - fix CSRF errors on re-login
- Added config option `ckanext.csrf_filter.same_site` to set the cookie SameSite attribute.
- Added SameSite config to readme.
Contributor

@ThrawnCA ThrawnCA left a comment

Looks great, thanks for the contribution!

Could I get you to target the 'develop' branch instead of 'main'? That's used in our development environments to try features out.

JVickery-TBS and others added 2 commits June 21, 2023 17:21
- Added config option for regex matching exclusions to CSRF token checks.
Regex Rules to Exempt from Token Checks
@duttonw duttonw changed the base branch from main to develop June 21, 2023 21:41
@duttonw
Member

duttonw commented Jun 21, 2023

Hi @JVickery-TBS, due to GitHub cost cutting, they disable GitHub Actions on forked repos. Can you enable GitHub Actions on your fork and retrigger a build so the CI/CD pipeline can run, letting us know if tests pass, etc.? https://github.com/open-data/ckanext-csrf-filter/actions

@JVickery-TBS
Contributor Author

@duttonw Workflows enabled on our fork now. Did you want me to add on dispatch and on PR to the test yaml?

@JVickery-TBS
Contributor Author

@duttonw @ThrawnCA Oops, sorry, I have more code that made it into this PR, regarding the option for custom regex rules to exempt from token checks.

I will clean this PR up and make a new one for the custom regex rules stuff. And then we will get the tests running on those.

JVickery-TBS and others added 3 commits August 25, 2023 16:26
- Allow response generators to return and not be edited to insert any token.
…ream

Allow Response Streaming from Generators
@JVickery-TBS
Contributor Author

Just splitting this up into multiple PRs now.

#36

@JVickery-TBS
Contributor Author

And this one: #37 (includes the getattr feedback from this conversation)

@JVickery-TBS
Contributor Author

And finally this one: #38


3 participants