Georges-Antoine Assi
be476cb7dc
Only set CSRF cookie on http.response.start
ASGI spec only allows headers on the http.response.start message;
appending Set-Cookie to body messages is out-of-spec and may break on
some servers. Early-return for non-start messages.
Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 15:46:50 -04:00
copilot-swe-agent[bot]
f94206aa53
Refresh CSRF cookie when auth user changes
Co-authored-by: gantoine <3247106+gantoine@users.noreply.github.com>
2026-05-24 14:46:31 +00:00
Georges-Antoine Assi
ac43b0aa94
changes from bot review
2025-11-22 11:22:45 -05:00
Georges-Antoine Assi
ec6bb24662
Add new redis-backed session middleware
2025-11-22 10:47:59 -05:00
Georges-Antoine Assi
4f6442a6ad
catch typeerror in csrf token and return false
2025-11-18 16:56:10 -05:00
Georges-Antoine Assi
156d31b62a
Fix CSRF failure on first admin signup
2025-11-18 14:04:47 -05:00
Georges-Antoine Assi
91ad9f7b7f
fix trunk check issues
2025-11-18 10:12:58 -05:00
Georges-Antoine Assi
ee39fe1aba
changes from bot review
2025-11-18 10:09:00 -05:00
Georges-Antoine Assi
d1824bf894
manually fix tests
2025-11-18 00:00:49 -05:00
Georges-Antoine Assi
6a1a344ba2
add tests for middlewares
2025-11-17 23:40:00 -05:00
Georges-Antoine Assi
551ff72a8a
implement csrf middleware directly in repo
2025-11-17 21:12:29 -05:00