feat(signin) : add request headers available to signin and signup view

anvilresearch / connect

A modern authorization server built to authenticate your users and protect your APIs

http://anvil.io

MIT License

361 stars 85 forks source link

feat(signin) : add request headers available to signin and signup view #325

Closed bmeriaux closed 7 years ago

bmeriaux commented 8 years ago

Useful to get cookie, referer, etc if needed for the signin/signup form

christiansmith commented 8 years ago

Hi @bmeriaux. Thanks for the PR.

I'm concerned about the idea of exposing secure cookies in the view. Can you explain your use case and why you need access to the headers in the view templates?

bmeriaux commented 8 years ago

hi, for my particular use case, i only need the referer to know where come from client, because they share the same clientId on multiple domains, and my backend authenticator needs this info. And i cannot use query string, since it is authorize endpoint which generates the redirection So if exposing all headers creates security concerns, i can refactor to just expose the referer, would it be ok ?