Comments (3)
@sixcolors can you support here
Thanks for opening your first issue here! 🎉 Be sure to follow the issue template! If you need help or want to chat with us, join us on Discord https://gofiber.io/discord
@vijrcafinnovation I have reviewed your code snippet and log, and the middleware is returning a Sentinel Error, ErrNoReferer. This is correct behaviour when a callback is received from an OAuth2 POST request originating from an Azure-Identity-Platform served page, as it is a Cross-Site Request.
The middleware has been designed to perform Strict Referer Checking, which is a defence-in-depth measure that was implemented along with the remediation for a critical vulnerability known as CVE-2023-45128.
As this is not a bug, I have changed your issue to a question and recommend using a different approach to store and verify the token in the callback.
You could opt to use pre-sessions and store the token you expect to receive in the OAuth2 callback's 'state' parameter within the session. This would also allow you to use the Synchronizer Token Pattern (with Session) for better security. In addition, you should consider using PKCE as an alternative or in addition to a token returned in the callback's 'state' parameter.
See also the fiber recipe csrf-with-session.
Let me know if you need further help.
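The pre-session approach suggested in the comment above, as an added example that is not part of the thread and is not Fiber's own code or API: the expected `state` and a PKCE `code_verifier` are stored server-side before the redirect, and the callback is accepted only if the returned `state` matches. The names `Begin`, `Callback`, `Challenge`, `preSession` and `store` are hypothetical, and the map stands in for a real, concurrency-safe session store.

```go
package main

import (
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/base64"
	"fmt"
)

// preSession is what the server expects back on the callback; store is a constructed in-memory stand-in for a session store.
type preSession struct{ State, Verifier string }
var store = map[string]preSession{}

func randToken() string {
	b := make([]byte, 32)
	if _, err := rand.Read(b); err != nil {
		panic(err) // never fall back to a predictable token
	}
	return base64.RawURLEncoding.EncodeToString(b)
}

// Challenge derives the PKCE S256 code_challenge from a code_verifier (RFC 7636).
func Challenge(verifier string) string {
	sum := sha256.Sum256([]byte(verifier))
	return base64.RawURLEncoding.EncodeToString(sum[:])
}

// Begin runs before the redirect: sid goes in a cookie, state and challenge in the authorization URL.
func Begin() (sid, state, challenge string) {
	sid, ps := randToken(), preSession{randToken(), randToken()}
	store[sid] = ps
	return sid, ps.State, Challenge(ps.Verifier)
}

// Callback checks the returned state; on success it yields the code_verifier for the token request.
func Callback(sid, state string) (verifier string, ok bool) {
	ps, found := store[sid]
	delete(store, sid) // single use, even when the check fails
	if !found || subtle.ConstantTimeCompare([]byte(ps.State), []byte(state)) != 1 {
		return "", false
	}
	return ps.Verifier, true
}

func main() {
	sid, state, challenge := Begin()
	verifier, ok := Callback(sid, state)
	fmt.Println("accepted:", ok, "PKCE pair matches:", Challenge(verifier) == challenge)
}
```

Because the callback discussed here is a cross-site POST, a cookie carrying `sid` that is set with `SameSite=Lax` or `SameSite=Strict` is not sent on that request.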