Skip to content

sso-proxy: clear csrf token further down the request flow #170

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
Jusshersmith merged 1 commit into from
Apr 23, 2019
Merged

sso-proxy: clear csrf token further down the request flow #170

Jusshersmith merged 1 commit into from
Apr 23, 2019

Conversation

@Jusshersmith
Copy link
Contributor

@Jusshersmith Jusshersmith commented Mar 28, 2019

Problem

Currently, upon refresh of the Group membership required error page it changes to a http: named cookie not present error page. Related issue: #94

Solution

We currently remove the CSRF token from the request after getting and assigning it to a new variable. If, further down the flow the request is found to be invalid for some reason (in this case, the user not being in the required groups) then the relevant error page is given. Upon refresh it tries to grab the CSRF token again however it's no longer part of the request, and so it errors in a less helpful and informative way.

Instead, only clear the CSRF token once we know the request has passed the various checks

jphines
jphines previously approved these changes Mar 28, 2019
View reviewed changes
@Jusshersmith Jusshersmith force-pushed the jusshersmith-group-membership-refresh-error branch from 2c8348f to 9f1fb4e Compare April 23, 2019 13:23
@Jusshersmith Jusshersmith merged commit d0e8e03 into master Apr 23, 2019
@Jusshersmith Jusshersmith deleted the jusshersmith-group-membership-refresh-error branch April 23, 2019 14:17
@Jusshersmith Jusshersmith mentioned this pull request Apr 25, 2019
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@jphines jphines jphines approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@Jusshersmith @jphines