synced/coder
1
0
Fork 0
mirror of https://github.com/coder/coder.git synced 2025-07-15 22:20:27 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Implement (but not enforce) CSRF for FE requests (#3786)

Browse Source 
Future work is to enforce CSRF

Co-authored-by: Presley Pizzo <presley@coder.com>
This commit is contained in:
Steven Masley
2022-09-13 15:26:46 -04:00
committed by GitHub
parent 9ab437d6e2
commit 9b5ee8f267
22 changed files with 211 additions and 115 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
coderd/httpmw/authorize_test.go
View File

@ -93,10 +93,7 @@ func TestExtractUserRoles(t *testing.T) {
})
req := httptest.NewRequest("GET", "/", nil)
req.AddCookie(&http.Cookie{
Name: codersdk.SessionTokenKey,
Value: token,
})
req.Header.Set(codersdk.SessionCustomHeader, token)
rtr.ServeHTTP(rw, req)
resp := rw.Result()