Skip to content

root: set csrf cookie's secure flag same as session#6350

Merged
BeryJu merged 1 commit intomainfrom
root/csrf-secure-like-session
Jul 24, 2023
Merged

root: set csrf cookie's secure flag same as session#6350
BeryJu merged 1 commit intomainfrom
root/csrf-secure-like-session

Conversation

@BeryJu
Copy link
Member

@BeryJu BeryJu commented Jul 24, 2023

Details

  • Does this resolve an issue?
    Resolves #

Changes

New Features

  • Adds feature which does x, y, and z.

Breaking Changes

  • Adds breaking change which causes <issue>.

Checklist

  • Local tests pass (ak test authentik/)
  • The code has been formatted (make lint-fix)

If an API change has been made

  • The API schema has been updated (make gen-build)

If changes to the frontend have been made

  • The code has been formatted (make web)
  • The translation files have been updated (make i18n-extract)

If applicable

  • The documentation has been updated
  • The documentation has been formatted (make website)

@BeryJu
root: set csrf cookie's secure flag same as session
a308916 
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
@BeryJu BeryJu requested a review from a team as a code owner July 24, 2023 10:13
@BeryJu BeryJu requested review from kensternberg-authentik and removed request for a team July 24, 2023 10:13
@netlify
Copy link

netlify bot commented Jul 24, 2023
edited
Loading

Deploy Preview for authentik-storybook canceled.

Name Link
🔨 Latest commit a308916
🔍 Latest deploy log https://app.netlify.com/sites/authentik-storybook/deploys/64be4ee4369b3f00081cfcff

@codecov
Copy link

codecov bot commented Jul 24, 2023
edited
Loading

Codecov Report

Patch coverage: 80.00% and no project coverage change.

Comparison is base (4359fab) 92.47% compared to head (a308916) 92.47%.

Additional details and impacted files 
@@            Coverage Diff             @@
##             main    #6350      +/-   ##
==========================================
- Coverage   92.47%   92.47%   -0.00%     
==========================================
  Files         560      560              
  Lines       26993    27003      +10     
==========================================
+ Hits        24959    24968       +9     
- Misses       2034     2035       +1
Flag Coverage Δ
e2e 51.64% <80.00%> (+0.05%) ⬆️
integration 26.52% <0.00%> (-<0.01%) ⬇️
unit 89.29% <80.00%> (-<0.01%) ⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

Impacted Files Coverage Δ
authentik/root/settings.py 88.64% <ø> (ø)
authentik/root/middleware.py 89.10% <80.00%> (-0.90%) ⬇️

... and 1 file with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Do you have feedback about the report comment? Let us know in this issue.

@github-actions
Copy link
Contributor

github-actions bot commented Jul 24, 2023

authentik PR Installation instructions

Instructions for docker-compose

Add the following block to your .env file:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-root-csrf-secure-like-session-1690194369-a308916
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

For arm64, use these values:

AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-root-csrf-secure-like-session-1690194369-a308916-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s

Afterwards, run the upgrade commands from the latest release notes.

Instructions for Kubernetes

Add the following block to your values.yml file:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-root-csrf-secure-like-session-1690194369-a308916

For arm64, use these values:

authentik:
    outposts:
        container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
image:
    repository: ghcr.io/goauthentik/dev-server
    tag: gh-root-csrf-secure-like-session-1690194369-a308916-arm64

Afterwards, run the upgrade commands from the latest release notes.

@BeryJu BeryJu merged commit 7be94df into main Jul 24, 2023
@BeryJu BeryJu deleted the root/csrf-secure-like-session branch July 24, 2023 11:57
kensternberg-authentik added a commit that referenced this pull request Jul 24, 2023
@kensternberg-authentik
Merge branch 'main' into search-flow-abstraction
21ea38b 
* main:
  web/admin: hide pagination when no data is loaded yet (#6353)
  web/admin: adjust style of page header (#6355)
  root: set csrf cookie's secure flag same as session (#6350)
  outposts: Fix infinite self-recursion in traefik reconciler. (#6336)
  outposts: fix patch processing (#6338)
  web: bump API Client version (#6351)
  Updates for file web/xliff/en.xlf in zh_CN on branch main (#6340)
  Updates for file web/xliff/en.xlf in zh-Hans on branch main (#6341)
  enterprise: fix license check not using DER as spec specifies (#6348)
  core: bump goauthentik.io/api/v3 from 3.2023061.3 to 3.2023061.4 (#6342)
  core: bump drf-spectacular from 0.26.3 to 0.26.4 (#6343)
  core: bump ruff from 0.0.278 to 0.0.280 (#6344)
  website: bump postcss from 8.4.26 to 8.4.27 in /website (#6345)
  web: bump @esbuild/linux-arm64 from 0.18.15 to 0.18.16 in /web (#6347)
  web: bump @esbuild/darwin-arm64 from 0.18.15 to 0.18.16 in /web (#6346)
  outposts: support json patch for Kubernetes (#6319)
  providers/oauth2: fix grant_type password raising an exception (#6333)
  web: bump API Client version (#6331)
  enterprise: cleanup v2 (#6330)
  web: bump prettier from 2.8.8 to 3.0.0 in /web (#6329)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kensternberg-authentik kensternberg-authentik Awaiting requested review from kensternberg-authentik kensternberg-authentik was automatically assigned from goauthentik/core

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@BeryJu