New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add a CSRF token to the state parameter #5

Open

robotdan opened this issue Mar 31, 2020 · 3 comments

Member

robotdan commented Mar 31, 2020

If NodeBB supports a CSRF token, we can grab it or generate a new one and pass it along in the state parameter.

julianlam commented Dec 29, 2021 •

edited

@robotdan Yes, we do send one in:

https://github.com/NodeBB/NodeBB/blob/fb363957d1ff8ac63c0a50aaeeb2dd86975876bc/src/routes/authentication.js#L96-L99

We pass in a csrf token in state and verify that the value is returned in the state param in the query string at the callback URL handler.

Member Author

robotdan commented Dec 30, 2021

Thanks @julianlam !

julianlam commented Dec 30, 2021

Just a tad late on the reply 🙂

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment