Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix csrf middleware behavior with header key lookup #2063

Merged
merged 4 commits into from Aug 30, 2022
Merged

Fix csrf middleware behavior with header key lookup #2063

merged 4 commits into from Aug 30, 2022

Conversation

ReneWerner87
Copy link
Member

@ReneWerner87 ReneWerner87 commented Aug 30, 2022
edited

Description

This should
Fixes #2045

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added tests that prove my fix is effective or that my feature works
  • I tried to make my code as fast as possible with as few allocations as possible
  • For new code I have written benchmarks so that they can be analyzed and improved

Commit formatting:

Use emojis on commit messages so it provides an easy way of identifying the purpose or intention of a commit. Check out the emoji cheatsheet here: https://gitmoji.carloscuesta.me/

ReneWerner87
ReneWerner87 commented Aug 30, 2022
View reviewed changes
middleware/csrf/csrf_test.go
@@ -340,3 +340,111 @@ func Test_CSRF_ErrorHandler_EmptyToken(t *testing.T) {
utils.AssertEqual(t, 419, ctx.Response.StatusCode())
utils.AssertEqual(t, "empty CSRF token", string(ctx.Response.Body()))
}

// TODO: use this test case and make the unsafe header value bug from https://github.com/gofiber/fiber/issues/2045 reproducible and permanently fixed/tested by this testcase
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#2045 (comment)

@ReneWerner87 ReneWerner87 merged commit ec96d16 into master Aug 30, 2022
@efectn efectn deleted the fix_CSRF_middleware_behavior_with_header_KeyLookup branch August 30, 2022 12:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@efectn efectn efectn approved these changes

Assignees
No one assigned
Labels
☢️ Bug
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

🐛 [Bug]: Strange CSRF middleware behavior with header KeyLookup configuration
2 participants
@ReneWerner87 @efectn