Skip to content

Fix csrf middleware behavior with header key lookup#2063

Merged
ReneWerner87 merged 4 commits intomasterfrom
fix_CSRF_middleware_behavior_with_header_KeyLookup
Aug 30, 2022
Merged

Fix csrf middleware behavior with header key lookup#2063
ReneWerner87 merged 4 commits intomasterfrom
fix_CSRF_middleware_behavior_with_header_KeyLookup

Conversation

@ReneWerner87
Copy link
Member

@ReneWerner87 ReneWerner87 commented Aug 30, 2022
edited
Loading

Description

This should
Fixes #2045

Type of change

Please delete options that are not relevant.

  • Bug fix (non-breaking change which fixes an issue)

Checklist:

  • I have performed a self-review of my own code
  • I have commented my code, particularly in hard-to-understand areas
  • I have added tests that prove my fix is effective or that my feature works
  • I tried to make my code as fast as possible with as few allocations as possible
  • For new code I have written benchmarks so that they can be analyzed and improved

Commit formatting:

Use emojis on commit messages so it provides an easy way of identifying the purpose or intention of a commit. Check out the emoji cheatsheet here: https://gitmoji.carloscuesta.me/

ReneWerner87
ReneWerner87 commented Aug 30, 2022
View reviewed changes
middleware/csrf/csrf_test.go
utils.AssertEqual(t, "empty CSRF token", string(ctx.Response.Body()))
}

// TODO: use this test case and make the unsafe header value bug from https://github.com/gofiber/fiber/issues/2045 reproducible and permanently fixed/tested by this testcase
Copy link
Member Author

@ReneWerner87 ReneWerner87 Aug 30, 2022

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

#2045 (comment)

@ReneWerner87 ReneWerner87 requested a review from efectn August 30, 2022 11:21
@ReneWerner87 ReneWerner87 merged commit ec96d16 into master Aug 30, 2022
@efectn efectn deleted the fix_CSRF_middleware_behavior_with_header_KeyLookup branch August 30, 2022 12:49
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@efectn efectn efectn approved these changes

Assignees

No one assigned

Labels

☢️ Bug

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

🐛 [Bug]: Strange CSRF middleware behavior with header KeyLookup configuration

2 participants

@ReneWerner87 @efectn