csrf protection in job_agent #47710
base: master
Conversation
```python
return Response(
    text="Method not allowed",
    status=aiohttp.web.HTTPNotAllowed.status_code,
)
```
Should we tell people that browser requests are not supported? Or do we purposely not expose this detail?
I don't think there's meaningful value to hiding it although you are so far from a supported path if you wind up there. I can adjust the message.
Signed-off-by: Richo Healey <[email protected]>
Signed-off-by: [email protected] <[email protected]>
…o/csrf-protection
@alanwguo could you have another look? The implementation wound up changing quite a bit.
r? @alanwguo
Why are these changes needed?
Prevent confused deputy attacks on the job_agent

Checks
- (`git commit -s`) in this PR.
- `scripts/format.sh` to lint the changes in this PR.
- method in Tune, I've added it in `doc/source/tune/api/` under the corresponding `.rst` file.

(Working on the checks!)
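The confused-deputy risk this PR addresses is a browser on the operator's machine being made to send a request to an API that was only ever meant for programmatic clients (CLI/SDK), with the API then acting on it. The following is an added example, not the code from this PR or from the project: a stdlib-only decision function that separates browser-initiated requests from tool-initiated ones using the real `Sec-Fetch-Site`, `Origin` and `Referer` headers, and answers browser traffic with 405 and a message saying browser requests are unsupported. The policy itself (which header values are rejected), the `allowed_origins` parameter, the sample requests and the `http://127.0.0.1:8000` placeholder origin are assumptions of this example.

```python
"""Reject browser-originated requests to an API meant for CLI/SDK clients.

Added example (not this PR's code). Header names are real browser headers;
the policy, sample requests and placeholder origin are constructed here.
"""
from http import HTTPStatus
from typing import Dict, FrozenSet, Mapping, Tuple
from urllib.parse import urlsplit

REJECT_TEXT = "Method not allowed: browser requests are not supported"


def _origin_of(url: str) -> str:
    """Reduce a URL to scheme://host[:port] so it can be compared to an allow-list."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def check_request(headers: Mapping[str, str],
                  allowed_origins: FrozenSet[str] = frozenset()) -> Tuple[int, str]:
    """Return (status_code, body) for a request, judged from its headers only.

    Policy (an assumption of this example):
      1. Fetch metadata (modern browsers): Sec-Fetch-Site of cross-site or
         same-site means a page on another origin triggered the request -> 405.
         same-origin / none falls through to the Origin/Referer check.
      2. Legacy fallback: Origin and Referer are only ever added by a browser;
         unless that origin is explicitly allowed -> 405. "null" or a
         malformed value never matches the allow-list and is rejected too.
      3. Anything else (curl, python-requests, SDK clients) -> 200.
    """
    h = {k.lower(): v for k, v in headers.items()}

    site = h.get("sec-fetch-site", "").lower()
    if site in ("cross-site", "same-site"):
        return HTTPStatus.METHOD_NOT_ALLOWED, REJECT_TEXT

    for name in ("origin", "referer"):
        value = h.get(name)
        if value is not None and _origin_of(value) not in allowed_origins:
            return HTTPStatus.METHOD_NOT_ALLOWED, REJECT_TEXT

    return HTTPStatus.OK, "ok"


# Constructed sample requests (headers only), as a tool or a browser would send them.
# The "other-site.example" host and the 127.0.0.1:8000 origin are placeholders.
SAMPLE_REQUESTS: Dict[str, Dict[str, str]] = {
    "cli_client": {"User-Agent": "python-requests/2.31",
                   "Content-Type": "application/json"},
    "cross_site_fetch": {"Origin": "https://other-site.example",
                         "Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "cors",
                         "Content-Type": "application/json"},
    "legacy_browser_form_post": {"Origin": "https://other-site.example",
                                 "Content-Type": "application/x-www-form-urlencoded"},
    "referer_only": {"Referer": "https://other-site.example/page.html"},
    "own_frontend": {"Origin": "http://127.0.0.1:8000",
                     "Sec-Fetch-Site": "same-origin"},
}


def run_samples(allowed_origins: FrozenSet[str] = frozenset({"http://127.0.0.1:8000"})
                ) -> Dict[str, int]:
    """Apply the policy to every sample request and return name -> status code."""
    return {name: int(check_request(hdrs, allowed_origins)[0])
            for name, hdrs in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, status in run_samples().items():
        print(f"{name:26s} -> {status}")
```

Rejecting `same-site` as well as `cross-site` is deliberate: for a service on localhost, any other port on the same host counts as same-site, so a page served from one local port could otherwise reach an API on another. With an empty allow-list even the service's own frontend is refused, which is the right default when the endpoint is not supposed to be called from a browser at all.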