(fix): Added xsrf token to session object and amended request validation method for the XSRF class

Fausto Arcidiacono requested to merge fix/xsrf-with-session-id-2073 into master

Added sessionId to XSRF token and updated the validateRequest method in the Security/XSRF class in order to check the sessionId if the user is logged in, otherwise it checks the XSRF token cookie for a logged out/guest user.

Regression tests

XSRF and Session tests need to be run to ensure no functionality has been broken.

To do:

  • Run tests to make sure that they are still passing
  • Perform manual check of functionality

Closes issue #2073

Edited by Fausto Arcidiacono
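
A sketch of the validation split the description outlines (session-bound check for logged-in users, cookie comparison for guests), added here as an illustration and not taken from the merge request or the project's code. The HMAC binding, the token format, and the names `SERVER_KEY`, `issue_token` and `validate_request` are assumptions.

```python
import hashlib
import hmac
import secrets

# Assumption: a per-deployment secret; generated here so the example runs offline.
SERVER_KEY = secrets.token_bytes(32)


def _mac(nonce, session_id):
    """HMAC that ties a random nonce to one session id."""
    msg = f"{nonce}:{session_id}".encode()
    return hmac.new(SERVER_KEY, msg, hashlib.sha256).hexdigest()


def issue_token(session_id=None):
    """Issue an XSRF token; bound to session_id when the user is logged in."""
    nonce = secrets.token_hex(16)
    if session_id is None:
        return nonce  # guest: the same value is also set as the XSRF cookie
    return f"{nonce}.{_mac(nonce, session_id)}"


def validate_request(header_token, cookie_token=None, session_id=None):
    """Return True only if the submitted token matches the caller's state."""
    if not header_token:
        return False
    if session_id is not None:
        # Logged in: ignore the cookie and verify the session binding.
        nonce, sep, mac = header_token.partition(".")
        if not sep:
            return False
        expected = _mac(nonce, session_id)
        return hmac.compare_digest(mac.encode(), expected.encode())
    # Guest: the submitted token must equal the XSRF cookie.
    if not cookie_token:
        return False
    return hmac.compare_digest(header_token.encode(), cookie_token.encode())


if __name__ == "__main__":
    tok = issue_token("sess-A")  # constructed session ids
    print(validate_request(tok, session_id="sess-A"))
    print(validate_request(tok, session_id="sess-B"))
```

With this split, a token that only matches the cookie is not accepted once a session exists, which is the case regression tests for the change should cover.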
