Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[App] Add CSRF token-based mitigation #187

Merged
merged 9 commits into from
Jul 1, 2024
Merged

[App] Add CSRF token-based mitigation #187

merged 9 commits into from
Jul 1, 2024

Commits on Jun 30, 2024

  1. [*.test] Refactor logInAgent to a common place

    @dchege711
    dchege711 committed Jun 30, 2024
    Configuration menu
    Copy the full SHA
    67e2459 View commit details
    Browse the repository at this point in the history

  2. [Deps] npm i --save-dev @types/lusca

    @dchege711
    dchege711 committed Jun 30, 2024
    Configuration menu
    Copy the full SHA
    8cf1a75 View commit details
    Browse the repository at this point in the history

  3. [App] Default CSRF protection on Express app 

    A lot of tests are failing
    @dchege711
    dchege711 committed Jun 30, 2024
    Configuration menu
    Copy the full SHA
    841bfcd View commit details
    Browse the repository at this point in the history

Commits on Jul 1, 2024

  1. [CSRF] Echo back the CSRF token when logging in

    @dchege711
    dchege711 committed Jul 1, 2024
    Configuration menu
    Copy the full SHA
    83f06a5 View commit details
    Browse the repository at this point in the history

  2. [CSRF] Use the _csrf value that Lusca places in res.locals 

    Filed #186 to track app-wide improvements w.r.t. res.locals and
app.locals.

[1]: https://expressjs.com/en/5x/api.html#res.locals
    @dchege711
    dchege711 committed Jul 1, 2024
    Configuration menu
    Copy the full SHA
    da7b45a View commit details
    Browse the repository at this point in the history

  3. [CSRF] Echo back CSRF token on all forms served through EJS

    @dchege711
    dchege711 committed Jul 1, 2024
    Configuration menu
    Copy the full SHA
    df74d7b View commit details
    Browse the repository at this point in the history

  4. [tRPC] Echo the CSRF token through the x-csrf-token header

    @dchege711
    dchege711 committed Jul 1, 2024
    Configuration menu
    Copy the full SHA
    861c71c View commit details
    Browse the repository at this point in the history

  5. [ES] Support NODE_ENV=test (at least on Posix)

    @dchege711
    dchege711 committed Jul 1, 2024
    Configuration menu
    Copy the full SHA
    465884b View commit details
    Browse the repository at this point in the history

  6. [CSRF] Disable in testing environment

    @dchege711
    dchege711 committed Jul 1, 2024
    Configuration menu
    Copy the full SHA
    88b6a8a View commit details
    Browse the repository at this point in the history