Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CSRF protection to ReverseProxy authentication on API #22221

Closed
wants to merge 11 commits into from
Closed

Add CSRF protection to ReverseProxy authentication on API #22221

wants to merge 11 commits into from

Commits on Dec 2, 2022

  1. Protection against CSRF added 

    Author-Change-Id: IB#1129006
    @pboguslawski
    pboguslawski committed Dec 2, 2022
    Configuration menu
    Copy the full SHA
    3ad72fa View commit details
    Browse the repository at this point in the history

Commits on Dec 9, 2022

  1. Merge main into main-IB#1129006

    @pboguslawski
    pboguslawski committed Dec 9, 2022
    Configuration menu
    Copy the full SHA
    6cbff66 View commit details
    Browse the repository at this point in the history

Commits on Dec 22, 2022

  1. Merge remote-tracking branch 'origin/main' into main-IB#1129006

    @zeripath
    zeripath committed Dec 22, 2022
    Configuration menu
    Copy the full SHA
    20facdf View commit details
    Browse the repository at this point in the history

  2. fix headers and include head protection 

    Signed-off-by: Andrew Thornton <[email protected]>
    @zeripath
    zeripath committed Dec 22, 2022
    Configuration menu
    Copy the full SHA
    ce74237 View commit details
    Browse the repository at this point in the history

  3. update go-licenses too 

    Signed-off-by: Andrew Thornton <[email protected]>
    @zeripath
    zeripath committed Dec 22, 2022
    Configuration menu
    Copy the full SHA
    a400c77 View commit details
    Browse the repository at this point in the history

  4. Update cors.go

    @pboguslawski
    pboguslawski authored Dec 22, 2022
    Configuration menu
    Copy the full SHA
    2b20046 View commit details
    Browse the repository at this point in the history

  5. Update middleware.go 

    According to
https://cheatsheetseries.owasp.org/cheatsheets/Cross-Site_Request_Forgery_Prevention_Cheat_Sheet.html#javascript-guidance-for-auto-inclusion-of-csrf-tokens-as-an-ajax-request-header
GET, HEAD and OPTIONS should not be used for changing state.
    @pboguslawski
    pboguslawski authored Dec 22, 2022
    Configuration menu
    Copy the full SHA
    c5f3abe View commit details
    Browse the repository at this point in the history

  6. Merge branch 'main-IB#1129006' into replace-22077-fix-copyright-heade… 

    …r-and-make-updatable
    @zeripath
    zeripath committed Dec 22, 2022
    Configuration menu
    Copy the full SHA
    663d4c2 View commit details
    Browse the repository at this point in the history

  7. refix copyright header 

    Signed-off-by: Andrew Thornton <[email protected]>
    @zeripath
    zeripath committed Dec 22, 2022
    Configuration menu
    Copy the full SHA
    5d3de60 View commit details
    Browse the repository at this point in the history

  8. Update routers/common/middleware.go

    @zeripath
    zeripath authored Dec 22, 2022
    Configuration menu
    Copy the full SHA
    42faf67 View commit details
    Browse the repository at this point in the history

  9. fix fmt 

    Signed-off-by: Andrew Thornton <[email protected]>
    @zeripath
    zeripath committed Dec 22, 2022
    Configuration menu
    Copy the full SHA
    10ad101 View commit details
    Browse the repository at this point in the history