freshlybakedca.ke / patisserie

Your one-stop-cake-shop for everything Freshly Baked has to offer

fix(m/security): block Cross-Site Request Forgery #188

closed opened by

a.starrysky.fyi 1 month ago targeting main from private/minion/push-xpqrvpwlrtsk

We were previously vulnerable to cross-site request forgery: someone giving us a link that ran an action from somewhere else. To fix this, we can tie a token which is sent along with all our actions to a session. That way, an attacker won't know the correct token to run an action on behalf of a user

STACK 4

#190 feat(m): add regex support

#189 refactor(m): split into separate files

#188 fix(m/security): block Cross-Site Request Forgery

#187 chore(pm): update some pins

ABANDONED PULLS 3

#186 feat(pm/fava): allow adding extra files

#185 feat(pm/wiki): allow more file uploads

#184 feat(pm/pds): automatically age-assure users

Labels

None yet.

requested-reviewers

None yet.

approved

None yet.

tested-working

None yet.

rejected

None yet.

assignee

None yet.

Participants 1

AT URI

at://did:plc:uuyqs6y3pwtbteet4swt5i5y/sh.tangled.repo.pull/3mdi2nvgvon22

+304 -15

6 changed files

Diff round #5

expand all

menu

Cargo.lock

Cargo.toml

src

html

create

conflict.html

success.html

create.html

main.rs

+210 -4

menu/Cargo.lock

··· ··· ··· ··· ··· ··· ··· ··· ··· ··· ··· ··· ········· ··· ··· ··· ··· ···

····························································

+2

menu/Cargo.toml

···

···

+1

menu/src/html/create.html

···

···

+1 -1

menu/src/html/create/conflict.html

···

···

+1 -1

menu/src/html/create/success.html

···

···

+89 -9

menu/src/main.rs

··· ··· ··· ··· ··· ······ ··· ··· ··· ··· ···

····································

History

6 rounds 0 comments

sign up or login to add to the discussion

a.starrysky.fyi submitted #5 6w

1 commit

expand

096f1931

fix(m/security): block Cross-Site Request Forgery

5/5 success

expand

packetmix-build.yml

success 28min 26s

packetmix-npins-duplicate-check.yml

success 15min 17s

packetmix-treefmt.yaml

expand 0 comments

closed without merging

a.starrysky.fyi submitted #4 6w

1 commit

expand

096f1931

fix(m/security): block Cross-Site Request Forgery

5/5 success

expand

packetmix-build.yml

success 28min 26s

packetmix-npins-duplicate-check.yml

success 15min 17s

packetmix-treefmt.yaml

expand 0 comments

a.starrysky.fyi submitted #3 6w

1 commit

expand

096f1931

fix(m/security): block Cross-Site Request Forgery

5/5 success

expand

packetmix-build.yml

success 28min 26s

packetmix-npins-duplicate-check.yml

success 15min 17s

packetmix-treefmt.yaml

expand 0 comments

a.starrysky.fyi submitted #2 6w

1 commit

expand

096f1931

fix(m/security): block Cross-Site Request Forgery

5/5 success

expand

packetmix-build.yml

success 28min 26s

packetmix-npins-duplicate-check.yml

success 15min 17s

packetmix-treefmt.yaml

expand 0 comments

a.starrysky.fyi submitted #1 6w

1 commit

expand

e45a1929

fix(m/security): block Cross-Site Request Forgery

expand 0 comments

a.starrysky.fyi submitted #0 6w

diff

1 commit

expand

41e2ca09

fix(m/security): block Cross-Site Request Forgery

expand 0 comments