Commit Graph

11 Commits

Author SHA1 Message Date
Georges-Antoine Assi
be476cb7dc Only set CSRF cookie on http.response.start
ASGI spec only allows headers on the http.response.start message;
appending Set-Cookie to body messages is out-of-spec and may break on
some servers. Early-return for non-start messages.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-24 15:46:50 -04:00
copilot-swe-agent[bot]
f94206aa53 Refresh CSRF cookie when auth user changes
Co-authored-by: gantoine <3247106+gantoine@users.noreply.github.com>
2026-05-24 14:46:31 +00:00
Georges-Antoine Assi
ac43b0aa94 changes from bot review 2025-11-22 11:22:45 -05:00
Georges-Antoine Assi
ec6bb24662 Add new redis-backed session middleware 2025-11-22 10:47:59 -05:00
Georges-Antoine Assi
4f6442a6ad catch typeerror in csrf token and return false 2025-11-18 16:56:10 -05:00
Georges-Antoine Assi
156d31b62a Fix CSRF failure on first admin signup 2025-11-18 14:04:47 -05:00
Georges-Antoine Assi
91ad9f7b7f fix trunk check issues 2025-11-18 10:12:58 -05:00
Georges-Antoine Assi
ee39fe1aba changes from bot review 2025-11-18 10:09:00 -05:00
Georges-Antoine Assi
d1824bf894 manually fix tests 2025-11-18 00:00:49 -05:00
Georges-Antoine Assi
6a1a344ba2 add tests for middlewares 2025-11-17 23:40:00 -05:00
Georges-Antoine Assi
551ff72a8a implement csrf middleware directly in repo 2025-11-17 21:12:29 -05:00