Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Verification submission endpoint (submitSelfServiceVerificationFlow) still requires CSRF cookie for API flows #1368

Closed
aeneasr opened this issue May 20, 2021 · 1 comment
Closed

Verification submission endpoint (submitSelfServiceVerificationFlow) still requires CSRF cookie for API flows #1368

aeneasr opened this issue May 20, 2021 · 1 comment
Assignees
@aeneasr
Labels
bug Something is not working.
Milestone
v0.7.0-alpha.1

Comments

@aeneasr
Copy link
Member

aeneasr commented May 20, 2021

Describe the bug

The following will fail with a 400 CSRF error despite it being an API flow:

      const flow = (
        await ory
          .initializeSelfServiceVerificationForNativeApps()
          .catch(catcher)
      ).data
      await expect(
        (await ory.getSelfServiceVerificationFlow(flow.id).catch(catcher)).data
          .id
      ).toEqual(flow.id)
      expect(flow.type).toEqual('api')
      await expect(
        ory
          .submitSelfServiceVerificationFlow(flow.id, {
            method: 'link',
            email: user.email
          })
          .catch(catcher)
      ).resolves.toBeTruthy()

Expected behavior

No CSRF issue

Environment

  • Version: master
@aeneasr aeneasr added the bug Something is not working. label May 20, 2021
@aeneasr aeneasr added this to the v0.7.0-alpha.1 milestone May 20, 2021
@aeneasr aeneasr self-assigned this May 20, 2021
@aeneasr aeneasr mentioned this issue May 20, 2021
Closed
@aeneasr aeneasr mentioned this issue Jun 13, 2021
Closed
@aeneasr
Copy link
Member Author

aeneasr commented Jun 14, 2021

Note to self: still an issue

aeneasr added a commit that referenced this issue Jun 16, 2021
@aeneasr
fix: incorrect openapi specification for verification submission
19aea54 
Closes #1368
aeneasr added a commit that referenced this issue Jun 16, 2021
@aeneasr
fix: incorrect openapi specification for verification submission
6bb045a 
Closes #1368
harnash pushed a commit to Wikia/kratos that referenced this issue Jun 16, 2021
@aeneasr @harnash
fix: incorrect openapi specification for verification submission (ory…
4601d02 
…#1431)

Closes ory#1368
harnash pushed a commit to Wikia/kratos that referenced this issue Jun 17, 2021
@aeneasr @harnash
fix: incorrect openapi specification for verification submission (ory…
50a14cc 
…#1431)

Closes ory#1368
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@aeneasr aeneasr

Labels
bug Something is not working.
Projects
None yet
Milestone
v0.7.0-alpha.1
Development

No branches or pull requests
1 participant
@aeneasr