ansible / django-ansible-base

Apache License 2.0

Enforce CSRF mitigations for JWT authentication #510

Closed BrennanPaciorek closed 1 month ago

BrennanPaciorek commented 2 months ago

Implement enforce_csrf for JWT authenticator, enabling Django CsrfMiddleware. This fixes disabled CSRF protections on sites that use jwt_consumer for authentication.

AAP-20597

sonarcloud[bot] commented 2 months ago

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
88.0% Coverage on New Code
0.0% Duplication on New Code


BrennanPaciorek commented 2 months ago

This PR will most likely be closed, since enforcing CSRF makes little sense on JWTAuthentication, which does not use cookies on its own at any point during the authentication process.
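The reasoning in the closing comment, as an added standard-library sketch that is not django-ansible-base code: a CSRF check only matters for credentials the browser attaches by itself, so it is tied to cookie authentication and skipped for a token sent in the `Authorization` header. All function names, the toy signed token (standing in for a JWT or session id) and the sample values are assumptions made for this illustration.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed value, not a real secret


def issue(user):
    """Toy signed token standing in for a JWT or a session id."""
    mac = hmac.new(KEY, user.encode(), hashlib.sha256).hexdigest()
    return f"{user}.{mac}"


def verify(token):
    user, _, _ = token.rpartition(".")
    good = hmac.compare_digest(token.encode(), issue(user).encode())
    return user if user and good else None


def authenticate(req):
    """Return (user, csrf_required). Only cookie credentials are ambient."""
    auth = req["headers"].get("Authorization", "")
    if auth.startswith("Bearer "):
        return verify(auth[len("Bearer "):]), False
    if "session" in req["cookies"]:
        return verify(req["cookies"]["session"]), True
    return None, False


def csrf_ok(req):
    """Double-submit check: header value must match the CSRF cookie."""
    cookie = req["cookies"].get("csrftoken", "").encode()
    header = req["headers"].get("X-CSRFToken", "").encode()
    return bool(cookie) and hmac.compare_digest(cookie, header)


def handle(req):
    user, csrf_required = authenticate(req)
    if user is None:
        return 401
    if csrf_required and not csrf_ok(req):
        return 403
    return 200


def cross_site_post(cookie_jar):
    """Request a browser builds for a form on another origin: cookies ride
    along automatically (when SameSite permits), custom headers do not."""
    return {"headers": {}, "cookies": dict(cookie_jar)}
```

If a deployment ever copies the token into a cookie, the request falls into the cookie branch and the CSRF check applies again.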