search

ionic-team / ionic-framework

A powerful cross-platform UI toolkit for building native-quality iOS, Android, and Progressive Web Apps with HTML, CSS, and JavaScript.
https://ionicframework.com
MIT License
51.01k stars 13.51k forks source link

bug: CSRF warnings in vue, menu starter app #25177

Closed ericis closed 2 years ago

ericis commented 2 years ago

Prerequisites

Ionic Framework Version

Current Behavior

Multiple CSRF warnings from any new, starter Vue application.

image

Expected Behavior

Zero warnings from any new, starter application.

Steps to Reproduce

  1. npm exec -- @ionic/cli start vue-sidemenu sidemenu --type=vue
  2. cd ./vue-sidemenu
  3. yarn && yarn serve
  4. http://localhost:8080/
  5. Open developer tools to "Console"
  6. Observe multiple CSRF warnings

Code Reproduction URL

No response

Ionic Info

Ionic:

   Ionic CLI       : 6.19.0 (C:\Users\iseri\AppData\Local\npm-cache\_npx\f6fddb685269761d\node_modules\@ionic\cli)
   Ionic Framework : @ionic/vue 6.1.2

Capacitor:

   Capacitor CLI      : 3.5.0
   @capacitor/android : not installed
   @capacitor/core    : 3.5.0
   @capacitor/ios     : not installed

Utility:

   cordova-res : not installed globally
   native-run  : 1.5.0

System:

   NodeJS : v16.14.0 (C:\Program Files\nodejs\node.exe)
   npm    : 8.3.1
   OS     : Windows 10

Additional Information

No response

sean-perkins commented 2 years ago

Hello @ericis thank you for reporting this issue.

Following your reproduction steps, I am unable to reproduce these warnings.

Based on your screenshot, it seems likely you have another application that you locally develop against localhost:8080 and that write cookie values to. Ionic's UI does not reference nor create any cookies with R_ conventions and would never capture and store usernames on your behalf.

Can you please try in an incognito tab and let me know if the problem persists?

ericis commented 2 years ago

Thanks @sean-perkins . I should have tried that first as these cookies were simply already attached to "localhost" and had nothing to do with the Vue app. Closing...

ionitron-bot[bot] commented 2 years ago

Thanks for the issue! This issue is being locked to prevent comments that are not relevant to the original issue. If this is still an issue with the latest version of Ionic, please create a new issue and ensure the template is fully filled out.