Update develop with hotfixes from master. #59

Merged
merged 13 commits into from
Jun 9, 2022

@ltshb ltshb commented Jun 9, 2022

No description provided.

ltshb and others added 13 commits November 3, 2021 12:56
New Release v1.1.0 - #minor
New Release v1.2.0 - #minor
New Release v1.2.1 - #patch
New Release v1.2.2 - #patch
New Release v1.3.0 - #minor
New Release v1.4.1 - #patch
New Release v1.5.0 - #minor
New Release v1.5.1 - #patch
In the case where the request is done from a subdomain, the Origin header and
the Sec-Fetch-Site header were set. The latter was however not set to
'same-origin' but 'same-site', because the origin is not equal but from a subdomain.

Due to this, the validation failed because we only allowed Sec-Fetch-Site==same-origin.
This would also have been an issue if we allowed a cross-site origin in
the allowed domains; in this case the Sec-Fetch-Site would be 'cross-site'.

So changed the validation logic to be clearer and correct. The validation is
done only on the Origin header with a first fallback to Sec-Fetch-Site if Origin
is not available and a last fallback to Referer header if the previous are
not available.
@ltshb ltshb changed the title from "Master" to "Update develop with hotfixes from master." Jun 9, 2022
@ltshb ltshb requested a review from jedef June 9, 2022 08:44
@ltshb ltshb merged commit 94d0c58 into develop Jun 9, 2022
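
The validation order described in the commit message above (Origin first, then Sec-Fetch-Site, then Referer), as an added example that is not the project's own code. The host names, the allow-list layout, the https-only rule and the choice to trust only `same-origin` in the Sec-Fetch-Site fallback are assumptions made for illustration.

```python
from urllib.parse import urlsplit

# Constructed allow-list (assumption, not the project's configuration).
ALLOWED_HOSTS = {"app.example.org", "partner.example.net"}
ALLOWED_PARENT_DOMAINS = {"example.org"}  # any subdomain of these is trusted
# Assumption: without an Origin header, only a same-origin fetch is trusted.
TRUSTED_FETCH_SITES = {"same-origin"}


def host_allowed(url):
    """True if url is an https URL whose host is on the allow-list."""
    try:
        parts = urlsplit(url)
        host = (parts.hostname or "").lower()
    except ValueError:  # malformed URL, e.g. an unbalanced IPv6 bracket
        return False
    if parts.scheme != "https" or not host:
        return False  # also rejects the opaque origin "null"
    if host in ALLOWED_HOSTS:
        return True
    # Match on a label boundary so "evilexample.org" does not pass.
    return any(host.endswith("." + d) for d in ALLOWED_PARENT_DOMAINS)


def validate_request(headers):
    """Return (allowed, header_used): Origin, then Sec-Fetch-Site, then Referer."""
    h = {k.lower(): v for k, v in headers.items()}
    if "origin" in h:
        # Origin alone decides; Sec-Fetch-Site is not consulted.
        return host_allowed(h["origin"]), "Origin"
    if "sec-fetch-site" in h:
        return h["sec-fetch-site"] in TRUSTED_FETCH_SITES, "Sec-Fetch-Site"
    if "referer" in h:
        return host_allowed(h["referer"]), "Referer"
    return False, None  # no header to judge by: reject


if __name__ == "__main__":
    # Constructed sample requests covering the cases from the commit message.
    samples = [
        {"Origin": "https://sub.example.org", "Sec-Fetch-Site": "same-site"},
        {"Origin": "https://partner.example.net", "Sec-Fetch-Site": "cross-site"},
        {"Origin": "https://evilexample.org", "Sec-Fetch-Site": "cross-site"},
        {"Sec-Fetch-Site": "same-origin"},
        {"Referer": "https://example.org.attacker.test/"},
    ]
    for sample in samples:
        print(sample, "->", validate_request(sample))
```

The first two samples are the cases that the old `Sec-Fetch-Site==same-origin` rule rejected: an allowed subdomain sends `same-site` and an allowed external origin sends `cross-site`, and both pass here because the Origin header decides.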