8000 Can't extend togglz-console CSRF protection with SPI · Issue #1088 · togglz/togglz · GitHub
[go: up one dir, main page]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Can't extend togglz-console CSRF protection with SPI #1088

Open
ayalp opened this issue Jul 27, 2023 · 0 comments
Open

Can't extend togglz-console CSRF protection with SPI #1088

ayalp opened this issue Jul 27, 2023 · 0 comments

Comments

@ayalp
Copy link
ayalp commented Jul 27, 2023

CSRF protec 56A9 tion seems to be extendable by implementing the CSRFTokenProvider and CSRFTokenValidator classes.
However as seen here, the feature-actions button url only passes a token with the name "togglz_csrf", which is the name of the default CSRFTokenProvider implementation.
As comparison, the form here passes the tokens of all providers. I suppose the same mechanism should be used for the feature-actions button as well.
As it is now, it's not possible to add a functioning implementation to the CSRF token interfaces.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@ayalp
0