Use CSRF token for googleauth #33

zachmullen · 2014-07-16T18:40:39Z

We should generate a token and store it in a cookie for the user, then validate it at completion of the OAuth flow to prevent CSRF.

Fixes #33. Use session token for googleauth login to protect from CSRF

zachmullen mentioned this issue Jul 16, 2014

On googleauth login, redirect user to the page they were previously on #32

Merged

zachmullen closed this as completed in b48e17c Jul 21, 2014

zachmullen added a commit that referenced this issue Jul 21, 2014

Merge pull request #40 from midasplatform/googleauth-csrf

6f7b6fd

Fixes #33. Use session token for googleauth login to protect from CSRF

jamiesnape added the enhancement label Oct 8, 2014

jamiesnape modified the milestone: Version 3.4 Apr 2, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Use CSRF token for googleauth #33

Use CSRF token for googleauth #33

zachmullen commented Jul 16, 2014

Use CSRF token for googleauth #33

Use CSRF token for googleauth #33

Comments

zachmullen commented Jul 16, 2014