- Vancouver, WA (US)
- https://kyle.space
-
Joined on
2025年10月24日
a17d9e7867
Initial commit
Client IP detection fails when using a proxy header with an IPv6 address
Use
tower-sec-fetch instead of axum_csrf for CSRF protection
Done, opened an issue here to track this as a follow-up: conjured/silverfish#205
Show banner on admin dashboard when your browser is too old for CSRF protections
CSRF tokens should be invalidated
@zkat ...I decided to take a stab at it with #203, turns out going with Sec-Fetch-Site (w/ Origin as a fallback) cleans up a lot of stuff! 🙂 Really really happy with how the PR ended up,...
kylewlacy/use-tower-sec-fetch-instead-of-csrf
kylewlacy
pushed to kylewlacy/use-tower-sec-fetch-instead-of-csrf at conjured/silverfish
2026年01月07日 11:18:43 +01:00
c1611ea03f
Clean up a few CSRF leftovers
kylewlacy
pushed to kylewlacy/use-tower-sec-fetch-instead-of-csrf at conjured/silverfish
2026年01月07日 10:56:57 +01:00
35ad1e86f3
Add tests to validate CSRF protection rules
ad83a59464
Add
MockApp::new_with_config to customize config for test mock
848a107db3
Remove CSRF salt from example config file
f63c925f3a
Rip out
axum_csrf and silverfish-middleware-csrf
619e30bed2
Remove all CSRF tokens from HTML templates
kylewlacy
created branch kylewlacy/use-tower-sec-fetch-instead-of-csrf in conjured/silverfish
2026年01月07日 10:56:57 +01:00
CSRF tokens should be invalidated
@zkat it's a bit brain-bending for me still to be honest... 😵💫 My understanding is the .remove() is being hit, but our context_middleware then insert()s the same token in the...
CSRF tokens should be invalidated
Okay, I think I have a pretty clear picture of why this is happening (still kinda lost on the right way forward though)
kylewlacy
deleted branch 2026年01月05日 01:03:22 +01:00
kylewlacy/multipart-form-csrf from conjured/silverfish
c28af3e46c
Add
AuthenticMultipart extractor for CSRF-protected multipart form requests (#189)
Themes: multipart upload doesn't handle csrf token verification
Add `AuthenticMultipart` extractor for CSRF-protected multipart form requests
kylewlacy
pushed to kylewlacy/multipart-form-csrf at conjured/silverfish
2026年01月05日 00:40:12 +01:00
008a254286
Merge branch
main into kylewlacy/multipart-form-csrf
757ff916e3
improved testing utilities for controllers (#195)
d5be2ba4c9
set up some basic view and controller testing (#184)
dbe9962cf7
working ip locator
ec9eedce93
feat: add basic mailing list support (#186)
improved testing utilities for controllers
Awesome, the new utils look great!
improved testing utilities for controllers
#nonblocking why WARN-level events?