implemented csrf on all admin and auth forms #21 7h#49
Open
cdsiats wants to merge 2 commits intostackpress:mainfrom
Open
implemented csrf on all admin and auth forms #21 7h#49cdsiats wants to merge 2 commits intostackpress:mainfrom
cdsiats wants to merge 2 commits intostackpress:mainfrom
Conversation
cblanquera
requested changes
Apr 13, 2026
Member
cblanquera
left a comment
There was a problem hiding this comment.
When I change the value in the csrf field on sign in form I get a JSON response error.
{"code":500,"status":"Internal Server Error","error":"Input buffers must have the same byte length","stack":[{"method":"Object.validateToken","file":"/Users/cblanquera/server/projects/stackpress/csrf-stackpress/stackpress/cjs/csrf/plugin.js","line":30,"char":55},{"method":"<none>","file":"/Users/cblanquera/server/projects/stackpress/csrf-stackpress/stackpress/cjs/session/pages/signin.js","line":46,"char":18},{"method":"Generator.next","file":"<anonymous>","line":0,"char":0},{"method":"fulfilled","file":"/Users/cblanquera/server/projects/stackpress/csrf-stackpress/stackpress/cjs/session/pages/signin.js","line":5,"char":58}]}
What do you think a normal person would think if they saw that? The issue clearly states:
Properly report an error if invalid 419 Page Expired with message This page may have been requested from an external source. We corrected the issue. Please try again. Load the form/confirmation view again (do not redirect out).
| //variables | ||
| const tokenKey = config.path('csrf.name', 'csrf'); | ||
| const token = config.path('csrf.token', ''); | ||
| const confirmUrl = "?confirmed=true&" + tokenKey + "=" + token; |
Member
There was a problem hiding this comment.
use the more elegant URLSearchParams. https://developer.mozilla.org/en-US/docs/Web/API/URLSearchParams
| //variables | ||
| const tokenKey = config.path('csrf.name', 'csrf'); | ||
| const token = config.path('csrf.token', ''); | ||
| const confirmUrl = "?confirmed=true&" + tokenKey + "=" + token; |
Member
There was a problem hiding this comment.
use the more elegant URLSearchParams. https://developer.mozilla.org/en-US/docs/Web/API/URLSearchParams
… for restore and remove pages stackpress#21 3h
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
What is this PR for?
I verify that...
npm run testwith no errors