synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-15 22:20:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Implement (but not enforce) CSRF for FE requests (#3786)

Browse Source 
Future work is to enforce CSRF

Co-authored-by: Presley Pizzo <presley@coder.com>
This commit is contained in:
Steven Masley
2022-09-13 15:26:46 -04:00
committed by GitHub
parent 9ab437d6e2
commit 9b5ee8f267
22 changed files with 211 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
coderd/httpapi/cookie_test.go
View File

@ -17,13 +17,13 @@ func TestStripCoderCookies(t *testing.T) {
"testing=hello; wow=test",
"testing=hello; wow=test",
}, {
"session_token=moo; wow=test",
"coder_session_token=moo; wow=test",
"wow=test",
}, {
"another_token=wow; session_token=ok",
"another_token=wow; coder_session_token=ok",
"another_token=wow",
}, {
"session_token=ok; oauth_state=wow; oauth_redirect=/",
"coder_session_token=ok; oauth_state=wow; oauth_redirect=/",
"",
}} {
tc := tc