Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: Add more information to errors if we think cookies are missing #2979

Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: Add more information to errors if we think cookies are missing #2979

wants to merge 1 commit into from

Conversation

AshCorr
Copy link
Member

@AshCorr AshCorr commented Nov 22, 2024
edited
Loading

What does this change?

If a user has cookies disabled the most likely error they'll encounter is a CSRF error as we expect this cookie to exist on almost every page visit and we check it before almost everything else.

image

I spent some time trying to add safety checks to everywhere we check for cookies, but that became a mess of trying to propagate the correct errors to the correct places and figuring out where we expect cookies to sometimes not exist. I think this approach should catch the vast majority, if not all, of users that don't have cookies enabled.

How to test

Turn off cookies and attempt a login, you should be redirected to a CSRF error page with the updated error message.

@AshCorr AshCorr marked this pull request as ready for review November 22, 2024 10:26
@AshCorr AshCorr requested a review from a team as a code owner November 22, 2024 10:26
@github-actions GitHub Actions
Copy link

Deploy build 10236 of identity:identity-gateway to CODE

All deployment options

From guardian/actions-riff-raff.

@AshCorr AshCorr closed this Nov 22, 2024
@AshCorr AshCorr reopened this Nov 22, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@AshCorr