Add note about missing CSRF validation in oauth example (#2512)

This commit is contained in:
David Pedersen 2024-01-13 15:37:03 +01:00 committed by GitHub
parent 9ebd105d04
commit 358f196810


@ -143,6 +143,11 @@ async fn index(user: Option<User>) -> impl IntoResponse {
}
async fn discord_auth(State(client): State<BasicClient>) -> impl IntoResponse {
// TODO: this example currently doesn't validate the CSRF token during login attempts. That
// makes it vulnerable to cross-site request forgery. If you copy code from this example make
// sure to add a check for the CSRF token.
//
// Issue for adding check to this example https://github.com/tokio-rs/axum/issues/2511
let (auth_url, _csrf_token) = client
.authorize_url(CsrfToken::new_random)
.add_scope(Scope::new("identify".to_string()))