Allow certain paths to be excluded from the Origin check (patch included)

Created on 22 February 2021, almost 4 years ago

Updated 27 November 2024, 25 days ago

Problem/Motivation

I want to use the Origin check, but when calling back from a payment gateway with 3D Secure it's not possible to know which domain will be the POSTing back to the site. This means I can't whitelist origins.

Proposed resolution

Allow certain paths to be excluded from the Origin check.

Remaining tasks

Patch attached with tests.

User interface changes

Extra field added to seckit admin page.

API changes

n/a

Data model changes

n/a

✨ Feature request

Status

Active

Version

2.0

Component

Code

Created by

🇬🇧United Kingdom Andy Tawse

Live updates comments and jobs are added and updated live.

Incomplete comments

Merge Requests

!45Allow certain paths to be excluded from the Origin check (patch included)
Open
joshhytr
updated 24 days ago

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

First commit to issue fork.
Merge request !45[3199711-allow-certain-paths] Allow certain paths to be excluded from the CSRF Origin check → (Open) created by joshhytr
Comment 24 days ago →
joshhytr
Hi, I rerolled Andy's patch for version 2.0.3 and opened an MR.

Thanks

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024