Closed maltoe closed 11 months ago
@andreasknoepfle Thank you so much for the review :purple_heart: Have only a couple questions left from my perspective, maybe you can help some more :)
Plug.Crypto.sign/4
here. I believe the "user secret" aka salt
is meant to be kept server-side, not handed out alongside the token. Not sure though. I basically hand it out because I wanted to verify the cookie before contacting the Agent to prevent DoS attacks, but perhaps that's bogus and instead the salt
should be kept within the agent? Having second thoughts now... Maybe we can talk about this later
This patch adds
ChromicPDF.AssignsPlug
and the:assigns
option.AssignsPlug
:assigns
option toprint_to_pdf/2
and handle it inPDFOptions