Add CSRF Token to Builder #1050
Open
+813
−30
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
yeldarby
requested review from
PawelPeczek-Roboflow,
grzegorz-roboflow,
probicheaux,
hansent and
EmilyGavrilenko
as code owners
iurisilvio
reviewed
Feb 24, 2025
| SAFELISTED_HEADERS = {"Accept", "Accept-Language", "Content-Language", "Content-Type"} | ||
|
|
||
|
|
||
| class CORSMiddleware: |
There was a problem hiding this comment.
I'd try to avoid these big copy/pastes because you lose any improvement they do to original code.
You can just extend original behavior.
class OurCORSMiddleware(CORSMiddleware):
def __init__(
self,
app: ASGIApp,
allow_origins: typing.Sequence[str] = (),
allow_methods: typing.Sequence[str] = ("GET",),
allow_headers: typing.Sequence[str] = (),
allow_credentials: bool = False,
allow_origin_regex: str | None = None,
expose_headers: typing.Sequence[str] = (),
max_age: int = 600,
match_paths: str | None = None,
):
super().__init__(
app,
allow_origins=allow_origins,
allow_methods=allow_methods,
allow_headers=allow_headers,
allow_credentials=allow_credentials,
allow_origin_regex=allow_origin_regex,
expose_headers=expose_headers,
max_age=max_age,
)
self.match_paths_regex = re.compile(match_paths) if match_paths else None
async def __call__(self, scope: Scope, receive: Receive, send: Send) -> None:
# If match_paths is provided and does not match, just skip to the next handler:
if self.match_paths_regex is not None:
path = scope.get("path", "")
if not self.match_paths_regex.match(path):
await self.app(scope, receive, send)
return
return super().__call_(scope, receive, send)There was a problem hiding this comment.
Good idea; will update.
|
letting @iurisilvio to handle this and set approval since he is more familiar with the topic |
iurisilvio
previously approved these changes
Feb 26, 2025
First 3 Quickstart Guides
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This passes through a CSRF token to the frontend iframe that it passes back when accessing the API. This will prevent random websites from performing destructive actions on the local server (since they won't know the CSRF token). It also prevents clickjacking attacks because the iframe won't be able to do anything unless is has access to a valid CSRF token (which an attacker won't know so won't be able to iframe the UI in a maliciously constructed page).
Update: this also includes #1056 (which was approved separately) with docs content that depends on this.
Type of change
How has this change been tested, please provide a testcase or example of how you tested the change?
Locally & via staging. Only affects the new
/buildloginless UI.Any specific deployment considerations
Won't actually work against prod until the frontend ships via the companion PR open on the core app repo.
Docs