feat: Implement (but not enforce) CSRF for FE requests (#3786)

Enforcing CSRF protection is left for future work.

Co-authored-by: Presley Pizzo <presley@coder.com>
Steven Masley
2022-09-13 15:26:46 -04:00
committed by GitHub
parent 9ab437d6e2
commit 9b5ee8f267
22 changed files with 211 additions and 115 deletions


@ -29,10 +29,7 @@ func TestWorkspaceAgentParam(t *testing.T) {
hashed = sha256.Sum256([]byte(secret))
)
r := httptest.NewRequest("GET", "/", nil)
r.AddCookie(&http.Cookie{
Name: codersdk.SessionTokenKey,
Value: fmt.Sprintf("%s-%s", id, secret),
})
r.Header.Set(codersdk.SessionCustomHeader, fmt.Sprintf("%s-%s", id, secret))
userID := uuid.New()
username, err := cryptorand.String(8)