Refactor to allow CSRF bypass, improve error logging for API authoring #176
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mgaffigan
force-pushed
the
maint/add-server-error
branch
from
ab26cad to
3cba2c1
Compare
mgaffigan
force-pushed
the
maint/add-server-error
branch
from
3cba2c1 to
c5443b7
Compare
Contributor
Author
|
@tonygermano, rewrote history here as well by topic. |
kpalang
requested review from
a team,
jonbartels,
kayyagari,
kpalang and
tonygermano
and removed request for
a team
kpalang
requested changes
Oct 11, 2025
Contributor
kpalang
left a comment
kpalang
left a comment
There was a problem hiding this comment.
Could you explain why you've chosen to go with static configuration in the class instead of the previous instantiation approach?
server/src/com/mirth/connect/server/api/providers/RequestedWithFilter.java
Show resolved
Hide resolved
server/src/com/mirth/connect/server/api/providers/RequestedWithFilter.java
Show resolved
Hide resolved
mgaffigan
force-pushed
the
maint/add-server-error
branch
from
c5443b7 to
8620766
Compare
kpalang
previously approved these changes
Oct 11, 2025
jonbartels
previously approved these changes
Oct 14, 2025
tonygermano
requested changes
Nov 26, 2025
Member
tonygermano
left a comment
tonygermano
left a comment
There was a problem hiding this comment.
I made a few comments and questions. The headers should be addressed. The questions may just need to be answered with no changes if you don't think any are necessary.
I'm assuming that since there are not any methods yet which use the DontRequireRequestedWith annotation that it is not possible for someone to manually test whether it is working as intended or not?
server/src/com/mirth/connect/server/api/providers/RequestedWithFilter.java
Show resolved
Hide resolved
server/src/com/mirth/connect/server/api/providers/RequestedWithFilter.java
Show resolved
Hide resolved
server/test/com/mirth/connect/server/api/providers/RequestedWithFilterTest.java
Outdated
Show resolved
Hide resolved
server/test/com/mirth/connect/server/api/providers/RequestedWithFilterTest.java
Show resolved
Hide resolved
Signed-off-by: Mitch Gaffigan <mitch.gaffigan@comcast.net>
mgaffigan
force-pushed
the
maint/add-server-error
branch
from
8620766 to
9b6b9f1
Compare
Contributor
Author
|
@tonygermano, as far as how to test the behavior dynamically:
|
mgaffigan
force-pushed
the
maint/add-server-error
branch
2 times, most recently
from
9bf0fd5 to
dbdadd3
Compare
Signed-off-by: Mitch Gaffigan <mitch.gaffigan@comcast.net>
mgaffigan
force-pushed
the
maint/add-server-error
branch
from
dbdadd3 to
b5a5f4d
Compare
jonbartels
approved these changes
Dec 3, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
4 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
X-Requested-Withheader) on endpoints that opt-in with@DontRequireRequestedWithIn support for future merge of mgaffigan:feature/add-oidc-auth