-
-
Notifications
You must be signed in to change notification settings - Fork 891
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
root: rework CSRF middleware to set secure flag #11753
Conversation
✅ Deploy Preview for authentik-docs ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
✅ Deploy Preview for authentik-storybook ready!
To edit notification comments on pull requests, go to your Netlify site configuration. |
Codecov ReportAttention: Patch coverage is
✅ All tests successful. No failed tests found.
Additional details and impacted files@@ Coverage Diff @@
## main #11753 +/- ##
==========================================
- Coverage 92.69% 92.68% -0.01%
==========================================
Files 745 745
Lines 37005 37003 -2
==========================================
- Hits 34300 34297 -3
- Misses 2705 2706 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
0abe4ec
to
2814950
Compare
Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2814950
to
99d6996
Compare
authentik PR Installation instructions Instructions for docker-composeAdd the following block to your AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-99d6996dce4dc9e09f39161a5472883ffcac9413
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s For arm64, use these values: AUTHENTIK_IMAGE=ghcr.io/goauthentik/dev-server
AUTHENTIK_TAG=gh-99d6996dce4dc9e09f39161a5472883ffcac9413-arm64
AUTHENTIK_OUTPOSTS__CONTAINER_IMAGE_BASE=ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s Afterwards, run the upgrade commands from the latest release notes. Instructions for KubernetesAdd the following block to your authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-99d6996dce4dc9e09f39161a5472883ffcac9413 For arm64, use these values: authentik:
outposts:
container_image_base: ghcr.io/goauthentik/dev-%(type)s:gh-%(build_hash)s
global:
image:
repository: ghcr.io/goauthentik/dev-server
tag: gh-99d6996dce4dc9e09f39161a5472883ffcac9413-arm64 Afterwards, run the upgrade commands from the latest release notes. |
* main: (44 commits) web/admin: add strict dompurify config for diagram (#11783) core: bump cryptography from 43.0.1 to 43.0.3 (#11750) web: bump API Client version (#11781) sources: add Kerberos (#10815) root: rework CSRF middleware to set secure flag (#11753) web/admin: improve invalidation flow default & field grouping (#11769) providers/scim: add comparison with existing group on update and delta update users (#11414) website: bump mermaid from 10.6.0 to 10.9.3 in /website (#11766) web/flows: use dompurify for footer links (#11773) core, web: update translations (#11775) core: bump goauthentik.io/api/v3 from 3.2024083.10 to 3.2024083.11 (#11776) website: bump @types/react from 18.3.11 to 18.3.12 in /website (#11777) website: bump http-proxy-middleware from 2.0.6 to 2.0.7 in /website (#11771) web: bump API Client version (#11770) stages: authenticator_endpoint_gdtc (#10477) core: add prompt_data to auth flow (#11702) tests/e2e: fix dex tests failing (#11761) web/rac: disable DPI scaling (#11757) web/admin: update flow background (#11758) website/docs: fix some broken links (#11742) ...
Details
Remove the custom CSRF subclass which sets the Secure flag dynamically, as when the SECURE flag is set statically it is still handled correctly for http/local
closes #11760
Checklist
ak test authentik/
)make lint-fix
)If an API change has been made
make gen-build
)If changes to the frontend have been made
make web
)If applicable
make website
)