Skip to content

Commit

Permalink
fix: choose correct CSRF cookie when multiple are set
Browse files Browse the repository at this point in the history 
Resolves an issue where, when multiple CSRF cookies are set, a random one would be used to verify the CSRF token. Now, regardless of how many conflicting CSRF cookies exist, if one of them is valid, the request will pass and clean up the cookie store.

See #2121
See ory-corp/cloud#1786
  • Loading branch information
@aeneasr
aeneasr committed Jan 8, 2022
1 parent 871ee04 commit 32ba957
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion go.mod
View file
Original file line number Diff line number Diff line change
Expand Up @@ -75,7 +75,7 @@ require (
github.com/ory/jsonschema/v3 v3.0.5-0.20211222152031-b530fb44a010
github.com/ory/kratos-client-go v0.6.3-alpha.1
github.com/ory/mail/v3 v3.0.0
github.com/ory/nosurf v1.2.6
github.com/ory/nosurf v1.2.7
github.com/ory/x v0.0.330
github.com/phayes/freeport v0.0.0-20180830031419-95f893ade6f2
github.com/pkg/errors v0.9.1
Expand Down

0 comments on commit 32ba957

Please sign in to comment.