Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feature: allow setting SameSite on X-Uaa-Csrf cookie #2439

Merged
merged 1 commit into from
Sep 19, 2023
Merged

feature: allow setting SameSite on X-Uaa-Csrf cookie #2439

merged 1 commit into from
Sep 19, 2023

Conversation

mikeroda
Copy link
Contributor

No description provided.

@cf-gitbot
Copy link

We have created an issue in Pivotal Tracker to manage this:

https://www.pivotaltracker.com/story/show/185806400

The labels on this github issue will be updated when the story is started.

@strehle
Copy link
Member

strehle commented Sep 13, 2023

@mikeroda can you please describe how you want use this feature. I see a test, but there is no external configuration option, so to me you can only use this if you have our own UAA as fork but call the api in your forked UAA.

@strehle strehle added the clarification needed The issue is not accepted but we need clarification label Sep 13, 2023
strehle
strehle approved these changes Sep 14, 2023
View reviewed changes
Copy link
Member

@strehle strehle left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

ok for me

@mikeroda
Copy link
Contributor Author

@strehle that is correct. This is useful for projects that fork UAA and call the API to change the SameSite configuration on the X-Uaa-Csrf cookie. Might seem trivial but is a lot more convenient than extending the class to add the setter method.

@strehle strehle removed the clarification needed The issue is not accepted but we need clarification label Sep 19, 2023
@strehle
Copy link
Member

strehle commented Sep 19, 2023

@strehle that is correct. This is useful for projects that fork UAA and call the API to change the SameSite configuration on the X-Uaa-Csrf cookie. Might seem trivial but is a lot more convenient than extending the class to add the setter method.

Ok, I am fine with

@strehle strehle merged commit 9214a31 into cloudfoundry:develop Sep 19, 2023
@cf-gitbot cf-gitbot added delivered accepted Accepted the issue and removed delivered labels Nov 9, 2023
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@strehle strehle strehle approved these changes

@swalchemist swalchemist Awaiting requested review from swalchemist

@Tallicia Tallicia Awaiting requested review from Tallicia

Assignees
No one assigned
Labels
accepted Accepted the issue
Projects
Foundational Infrastructure Working Group
Archived in project
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@mikeroda @cf-gitbot @strehle