Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add CSRF handling on API endpoints #5446

Closed
wants to merge 1 commit into from
Closed

Add CSRF handling on API endpoints #5446

wants to merge 1 commit into from

Conversation

bigint
Copy link
Member

@bigint bigint commented Nov 7, 2024
edited
Loading

Related to #5356

Add CSRF handling to API endpoints and web application.

  • API Changes:

    • Import and use helmet middleware for CSRF protection in apps/api/src/server.ts.
    • Create a new middleware file apps/api/src/helpers/middlewares/csrf.ts for CSRF protection.
    • Import and use the CSRF middleware in apps/api/src/routes/email/update.ts, apps/api/src/routes/email/verify.ts, and apps/api/src/routes/webhooks/signup.ts.

  • Web Application Changes:

    • Modify apps/web/src/helpers/getAuthApiHeaders.ts to include the CSRF token in the headers.
    • Obtain the CSRF token from the server and store it securely in apps/web/src/pages/_app.tsx.

For more details, open the Copilot Workspace session.

@bigint
Add CSRF handling on API endpoints
f15c67c 
Related to #5356

Add CSRF handling to API endpoints and web application.

* **API Changes:**
  - Import and use `helmet` middleware for CSRF protection in `apps/api/src/server.ts`.
  - Create a new middleware file `apps/api/src/helpers/middlewares/csrf.ts` for CSRF protection.
  - Import and use the CSRF middleware in `apps/api/src/routes/email/update.ts`, `apps/api/src/routes/email/verify.ts`, and `apps/api/src/routes/webhooks/signup.ts`.

* **Web Application Changes:**
  - Modify `apps/web/src/helpers/getAuthApiHeaders.ts` to include the CSRF token in the headers.
  - Obtain the CSRF token from the server and store it securely in `apps/web/src/pages/_app.tsx`.

---

For more details, open the [Copilot Workspace session](https://copilot-workspace.githubnext.com/heyxyz/hey/issues/5356?shareId=XXXX-XXXX-XXXX-XXXX).
@vercel Vercel
Copy link

vercel bot commented Nov 7, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
web ✅ Ready (Inspect) Visit Preview Nov 7, 2024 4:47am

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Nov 7, 2024

Cat Gif

@bigint bigint requested a review from Copilot November 7, 2024 04:43
Copilot
Copilot AI reviewed Nov 7, 2024
View reviewed changes

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 5 out of 7 changed files in this pull request and generated no suggestions.

Files not reviewed (2)
  • apps/api/src/helpers/middlewares/csrf.ts: Evaluated as low risk
  • apps/api/src/routes/email/update.ts: Evaluated as low risk
@bigint bigint closed this Nov 7, 2024
@bigint bigint deleted the bigint/add-csrf-handling branch November 8, 2024 18:46
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot Copilot left review comments

Assignees
No one assigned
Labels
None yet
Projects
Hey 🌺
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@bigint