freshlybakedca.ke / patisserie
Your one-stop-cake-shop for everything Freshly Baked has to offer
fork atom

fix(m/security): block Cross-Site Request Forgery #188

closed opened by a.starrysky.fyi targeting main from private/minion/push-xpqrvpwlrtsk

We were previously vulnerable to cross-site request forgery: someone giving us a link that ran an action from somewhere else. To fix this, we can tie a token which is sent along with all our actions to a session. That way, an attacker won't know the correct token to run an action on behalf of a user

STACK 4
#190 feat(m): add regex support
5/5
0
#3
#189 refactor(m): split into separate files
5/5
0
#3
#188 fix(m/security): block Cross-Site Request Forgery
5/5
0
#5
#187 chore(pm): update some pins
5/5
0
#5
ABANDONED PULLS 3
#186 feat(pm/fava): allow adding extra files
5/5
0
#1
#185 feat(pm/wiki): allow more file uploads
0
#1
#184 feat(pm/pds): automatically age-assure users
0
#1
Labels

None yet.

requested-reviewers

None yet.

approved

None yet.

tested-working

None yet.

rejected

None yet.

assignee

None yet.

Participants 1
AT URI
at://did:plc:uuyqs6y3pwtbteet4swt5i5y/sh.tangled.repo.pull/3mdi2nvgvon22
Interdiff #4 #5
unified split
menu/Cargo.lock

This file has not been changed.

menu/Cargo.toml

This file has not been changed.

menu/src/html/create.html

This file has not been changed.

menu/src/html/create/conflict.html

This file has not been changed.

menu/src/html/create/success.html

This file has not been changed.

menu/src/main.rs

This file has not been changed.

History

6 rounds 0 comments
sign up or login to add to the discussion
a.starrysky.fyi submitted #5
diff
1 commit
expand
096f1931
fix(m/security): block Cross-Site Request Forgery
5/5 success
expand
deadnix.yml
packetmix-build.yml
packetmix-npins-duplicate-check.yml
packetmix-treefmt.yaml
reuse.yml
expand 0 comments
closed without merging
a.starrysky.fyi submitted #4
diff interdiff
1 commit
expand
096f1931
fix(m/security): block Cross-Site Request Forgery
5/5 success
expand
deadnix.yml
packetmix-build.yml
packetmix-npins-duplicate-check.yml
packetmix-treefmt.yaml
reuse.yml
expand 0 comments
a.starrysky.fyi submitted #3
diff interdiff
1 commit
expand
096f1931
fix(m/security): block Cross-Site Request Forgery
5/5 success
expand
deadnix.yml
packetmix-build.yml
packetmix-npins-duplicate-check.yml
packetmix-treefmt.yaml
reuse.yml
expand 0 comments
a.starrysky.fyi submitted #2
diff interdiff
1 commit
expand
096f1931
fix(m/security): block Cross-Site Request Forgery
5/5 success
expand
deadnix.yml
packetmix-build.yml
packetmix-npins-duplicate-check.yml
packetmix-treefmt.yaml
reuse.yml
expand 0 comments
a.starrysky.fyi submitted #1
diff interdiff
1 commit
expand
e45a1929
fix(m/security): block Cross-Site Request Forgery
expand 0 comments
a.starrysky.fyi submitted #0
diff
1 commit
expand
41e2ca09
fix(m/security): block Cross-Site Request Forgery
expand 0 comments