Kyle Lacy kylewlacy · he/him
kylewlacy pushed to main at kylewlacy/git-repo-sha256 2026年06月11日 22:14:22 +02:00
a17d9e7867
Initial commit
kylewlacy created branch main in kylewlacy/git-repo-sha256 2026年06月11日 22:14:22 +02:00
kylewlacy created repository kylewlacy/git-repo-sha256 2026年06月11日 22:08:21 +02:00
kylewlacy opened issue conjured/silverfish#206 2026年01月08日 08:16:22 +01:00
Client IP detection fails when using a proxy header with an IPv6 address
kylewlacy commented on pull request conjured/silverfish#203 2026年01月08日 07:47:45 +01:00
Use tower-sec-fetch instead of axum_csrf for CSRF protection

Done, opened an issue here to track this as a follow-up: conjured/silverfish#205

kylewlacy opened issue conjured/silverfish#205 2026年01月08日 07:46:55 +01:00
Show banner on admin dashboard when your browser is too old for CSRF protections
kylewlacy commented on issue conjured/silverfish#197 2026年01月07日 11:25:45 +01:00
CSRF tokens should be invalidated

@zkat ...I decided to take a stab at it with #203, turns out going with Sec-Fetch-Site (w/ Origin as a fallback) cleans up a lot of stuff! 🙂 Really really happy with how the PR ended up,...

kylewlacy created pull request conjured/silverfish#203 2026年01月07日 11:20:33 +01:00
kylewlacy/use-tower-sec-fetch-instead-of-csrf
kylewlacy pushed to kylewlacy/use-tower-sec-fetch-instead-of-csrf at conjured/silverfish 2026年01月07日 11:18:43 +01:00
c1611ea03f
Clean up a few CSRF leftovers
kylewlacy pushed to kylewlacy/use-tower-sec-fetch-instead-of-csrf at conjured/silverfish 2026年01月07日 10:56:57 +01:00
35ad1e86f3
Add tests to validate CSRF protection rules
ad83a59464
Add MockApp::new_with_config to customize config for test mock
848a107db3
Remove CSRF salt from example config file
f63c925f3a
Rip out axum_csrf and silverfish-middleware-csrf
619e30bed2
Remove all CSRF tokens from HTML templates
Compare 7 commits »
kylewlacy created branch kylewlacy/use-tower-sec-fetch-instead-of-csrf in conjured/silverfish 2026年01月07日 10:56:57 +01:00
kylewlacy commented on issue conjured/silverfish#197 2026年01月06日 03:53:01 +01:00
CSRF tokens should be invalidated

@zkat it's a bit brain-bending for me still to be honest... 😵‍💫 My understanding is the .remove() is being hit, but our context_middleware then insert()s the same token in the...

kylewlacy commented on issue conjured/silverfish#197 2026年01月05日 07:10:39 +01:00
CSRF tokens should be invalidated

Okay, I think I have a pretty clear picture of why this is happening (still kinda lost on the right way forward though)

kylewlacy deleted branch kylewlacy/multipart-form-csrf from conjured/silverfish 2026年01月05日 01:03:22 +01:00
kylewlacy pushed to main at conjured/silverfish 2026年01月05日 01:03:22 +01:00
c28af3e46c Add AuthenticMultipart extractor for CSRF-protected multipart form requests (#189)
kylewlacy closed issue conjured/silverfish#185 2026年01月05日 01:03:22 +01:00
Themes: multipart upload doesn't handle csrf token verification
kylewlacy merged pull request conjured/silverfish#189 2026年01月05日 01:03:21 +01:00
Add `AuthenticMultipart` extractor for CSRF-protected multipart form requests
kylewlacy pushed to kylewlacy/multipart-form-csrf at conjured/silverfish 2026年01月05日 00:40:12 +01:00
008a254286
Merge branch main into kylewlacy/multipart-form-csrf
757ff916e3 improved testing utilities for controllers (#195)
d5be2ba4c9 set up some basic view and controller testing (#184)
dbe9962cf7 working ip locator
ec9eedce93 feat: add basic mailing list support (#186)
Compare 5 commits »
kylewlacy approved conjured/silverfish#195 2026年01月05日 00:11:47 +01:00
improved testing utilities for controllers

Awesome, the new utils look great!

kylewlacy commented on pull request conjured/silverfish#195 2026年01月05日 00:11:46 +01:00
improved testing utilities for controllers

#nonblocking why WARN-level events?