Flask-Middleware / flask-security

Quick and simple security for Flask applications
MIT License

Improve CSRF and SPA (CSRF_COOKIE). #972

Closed jwag956 closed 2 months ago

jwag956 commented 2 months ago

We used to set the CSRF_COOKIE (if configured) at the end of a successful authentication. For 2-factor that meant that /tf-validate needed to have the CSRF-HEADER set manually (as well as /login). There seems no reason not to set the CSRF-COOKIE on GET /login - just as we return the csrf_token - so that all endpoints can use the cookie if wanted (which is what many js frameworks do).

There appeared to be no CSRF tests for logging in with unified sign in - now there is.

closes #965
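As an added example, not Flask-Security's own code, here is a stand-alone model of the double-submit flow the description above changes: when the CSRF cookie is already set on GET /login, an SPA that only copies the cookie into the header gets through POST /login and POST /tf-validate, while under the old behaviour it is rejected at the first POST. The cookie and header names and the in-memory session table are assumptions.

```python
import hmac
import secrets

# Constructed model of the flow this PR changes; not Flask-Security's own code. The
# cookie/header names are assumed and a dict stands in for the Flask session.
COOKIE_NAME = "XSRF-TOKEN"
HEADER_NAME = "X-XSRF-TOKEN"


class Server:
    def __init__(self, cookie_on_get_login):
        self.cookie_on_get_login = cookie_on_get_login  # True: behaviour after #972
        self.sessions = {}  # session id -> per-session CSRF token

    def _token(self, sid):
        return self.sessions.setdefault(sid, secrets.token_urlsafe(32))

    def _csrf_ok(self, sid, headers):
        # the header must carry this session's token; compare in constant time
        expected = self.sessions.get(sid)
        return expected is not None and hmac.compare_digest(expected, headers.get(HEADER_NAME, ""))

    def get_login(self, sid):
        cookie = {COOKIE_NAME: self._token(sid)} if self.cookie_on_get_login else None
        return {"status": 200, "json": {"csrf_token": self._token(sid)}, "set_cookie": cookie}

    def post(self, endpoint, sid, headers, two_factor=False):
        # POST /login and POST /tf-validate are both CSRF-protected
        if not self._csrf_ok(sid, headers):
            return {"status": 403, "set_cookie": None}
        # old code set the cookie only once authentication completed; with 2FA, /login is not the end
        done = endpoint == "/tf-validate" or not two_factor
        return {"status": 200, "set_cookie": {COOKIE_NAME: self._token(sid)} if done else None}


def spa_two_factor_login(server):
    """Cookie-driven SPA, as many JS frameworks behave: it copies the CSRF cookie into
    the header and never reads csrf_token from the JSON body. Returns the first non-200
    status of GET /login -> POST /login -> POST /tf-validate, else 200."""
    sid, cookie = secrets.token_hex(8), None

    def send(resp):
        nonlocal cookie
        cookie = (resp["set_cookie"] or {}).get(COOKIE_NAME, cookie)
        return resp["status"]

    def headers():
        return {HEADER_NAME: cookie} if cookie else {}

    send(server.get_login(sid))
    status = send(server.post("/login", sid, headers(), two_factor=True))
    return status if status != 200 else send(server.post("/tf-validate", sid, headers()))
```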

codecov[bot] commented 2 months ago

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Project coverage is 98.41%. Comparing base (362ec76) to head (098e964).

Additional details and impacted files

```diff
@@            Coverage Diff            @@
##           master     #972   +/-   ##
=======================================
  Coverage   98.40%   98.41%
=======================================
  Files          35       35
  Lines        4527     4531    +4
=======================================
+ Hits         4455     4459    +4
  Misses         72       72
```
