Add CSRF token #9295

janthoXO · 2024-09-07T12:53:50Z

Is your feature request related to a problem?

The VSCode plugin embeds artemis in an iframe. for the website to still function in the iframe and use the cookie correctly the sameSite attribute has to be set to none. This could impose a security risk.

Describe the solution you'd like

To make the cookie nevertheless secure, a csrf token should be implemented. Even without sameSite=none the token adds additional security

Branch Bug LocalVC fails because of missing CSRF Header #9363

The text was updated successfully, but these errors were encountered:

janthoXO added enhancement security Pull requests that address a security vulnerability server Pull requests that update Java code. (Added Automatically!) labels Sep 7, 2024

janthoXO self-assigned this Sep 7, 2024

janthoXO linked a pull request Sep 7, 2024 that will close this issue

Development: Test VSCode plugin support #8840

Closed

janthoXO added the priority:high label Sep 12, 2024

coderabbitai bot mentioned this issue Oct 1, 2024

General: Add csrf protection + sameSite none cookie #9404

Closed

29 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add CSRF token #9295

Add CSRF token #9295

janthoXO commented Sep 7, 2024 •

edited

Loading

Add CSRF token #9295

Add CSRF token #9295

Comments

janthoXO commented Sep 7, 2024 • edited Loading

Is your feature request related to a problem?

Describe the solution you'd like

janthoXO commented Sep 7, 2024 •

edited

Loading