README cleanup + CSRF-JWT usage #8
Clarify clone/fork vs. from scratch instructions Add CSRF-JWT demo instructions
} | ||
``` | ||
|
||
That's it! CSRF protection will be automatically enabled for endpoints added to the app. CSRF JWT tokens will be returned in the headers of every `GET` response and must be provided as a header in every `POST` request. |
CSRF tokens will be returned in headers and set in cookies, and must be provided in header and cookie in every POST request
https://github.com/electrode-io/electrode-csrf-jwt#how-do-we-validate-csrf
@caoyangs I updated the text to clarify cookies in addition to headers
@@ -169,7 +169,7 @@ Next, register the plugin with the Electrode server. Add the following configura | |||
} | |||
``` | |||
|
|||
That's it! CSRF protection will be automatically enabled for endpoints added to the app. CSRF JWT tokens will be returned in the headers of every `GET` response and must be provided as a header in every `POST` request. | |||
That's it! CSRF protection will be automatically enabled for endpoints added to the app. CSRF JWT tokens will be returned in the headers and set as cookies for every `GET` response and must be provided as both a header and a cookie in every `POST` request. |
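Review bot: the added sentence names only `POST` as the request that must carry the token and does not name the header or the cookie, so a reader cannot tell from the README whether `PUT`, `DELETE` or `PATCH` endpoints are covered or what a client has to send. Suggest stating which methods are validated and naming the header and cookie, or linking to the validation section of the electrode-csrf-jwt README.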
One more thing, CSRF JWT tokens will be returned in the headers and set as cookies for every response, not just GET response
@caoyangs thanks, I updated that sentence accordingly
* Rework README Clarify clone/fork vs. from scratch instructions Add CSRF-JWT demo instructions
* Update to clarify CSRF tokens in both headers and cookies
* Clarify CSRF-JWT response behavior
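The header-plus-cookie requirement discussed in this thread, as an added example that is not part of the PR or of electrode-csrf-jwt's own code: a generic double-submit check in Node. The `x-csrf-jwt` name, the shared-id pairing of the two tokens and the secret are assumptions made for the illustration.

```javascript
const crypto = require("node:crypto");

const SECRET = "constructed-demo-secret"; // constructed value, not a real key
const NAME = "x-csrf-jwt"; // assumed name for both the header and the cookie

const b64 = (obj) => Buffer.from(JSON.stringify(obj)).toString("base64url");
const mac = (data) => crypto.createHmac("sha256", SECRET).update(data).digest();

// Minimal HS256 JWT signer, enough for the demo.
function sign(payload) {
  const body = `${b64({ alg: "HS256", typ: "JWT" })}.${b64(payload)}`;
  return `${body}.${mac(body).toString("base64url")}`;
}

// Returns the payload if the signature and expiry check out, otherwise null.
function verify(token) {
  const parts = String(token || "").split(".");
  if (parts.length !== 3) return null;
  const expected = mac(`${parts[0]}.${parts[1]}`);
  const given = Buffer.from(parts[2], "base64url");
  if (given.length !== expected.length) return null;
  if (!crypto.timingSafeEqual(given, expected)) return null;
  const payload = JSON.parse(Buffer.from(parts[1], "base64url").toString());
  return payload.exp > Date.now() / 1000 ? payload : null;
}

// Sent with every response: one token for the header, one for the cookie,
// tied together by a shared random id (assumed pairing scheme).
function issueTokens(ttlSeconds = 3600) {
  const id = crypto.randomUUID();
  const exp = Math.floor(Date.now() / 1000) + ttlSeconds;
  return {
    header: sign({ id, type: "header", exp }),
    cookie: sign({ id, type: "cookie", exp }),
  };
}

// Run on POST: both tokens must be present, valid, and from the same pair.
function checkPost(headers, cookies) {
  const h = verify(headers[NAME]);
  const c = verify(cookies[NAME]);
  if (!h || !c) return { ok: false, reason: "missing or invalid token" };
  if (h.type !== "header" || c.type !== "cookie") {
    return { ok: false, reason: "wrong token type" };
  }
  if (h.id !== c.id) return { ok: false, reason: "not a matching pair" };
  return { ok: true };
}
```

A cross-site form post carries the cookie automatically but cannot set the header, which is why a request with only the cookie is rejected here.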