
XSRF protection filter #245

Closed
mattklein123 opened this issue Nov 29, 2016 · 2 comments · Fixed by #6470
Labels
enhancement Feature requests. Not bugs or questions. stale stalebot believes this issue/PR has not been touched recently

Comments

@mattklein123
Member

cc @heston

Ideally, Envoy would handle the full XSRF lifecycle:

  1. Send a cookie containing a cryptographic hash (XSRF token) on GET requests.

  2. On PUT/POST/DELETE requests, Envoy would inspect various parts of the request looking for the token (XSRF_TOKEN header, encoded form body, json body).

  3. Envoy would validate the token (hash is valid, not expired).

  4. If valid, the request is passed to the origin.

  5. If invalid, Envoy would send a 406 status.

We'd also need a way to opt-in/opt-out of xsrf protection for certain endpoints.
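The lifecycle sketched above, as an added reference model in Python. This is not Envoy's filter (the C++ implementation landed later in #6470) and not the issue author's code; it exists to make the five steps concrete. Assumptions not in the issue: the token is `base64url(issued_at ":" nonce) "." HMAC-SHA256(secret, payload)`, the cookie is named `XSRF-TOKEN`, the form field and JSON key are both `xsrf_token`, tokens live for one hour, and a `200` return stands in for "forwarded to the origin". Note that a token validated only by signature and age proves the client could read something the edge issued; it is not bound to a particular user session, so exempting an endpoint (step 5's opt-out) removes the check entirely for that path.

```python
"""Reference model of a stateless XSRF token lifecycle (added example, not Envoy code)."""
import base64
import hashlib
import hmac
import json
import secrets
from urllib.parse import parse_qs

TOKEN_TTL_SECONDS = 3600          # assumption: one-hour token lifetime
COOKIE_NAME = "XSRF-TOKEN"        # assumption: cookie name
HEADER_NAME = "XSRF_TOKEN"        # header name used in the issue text
FIELD_NAME = "xsrf_token"         # assumption: form field / JSON key
PROTECTED_METHODS = {"PUT", "POST", "DELETE"}


def mint_token(secret: bytes, now: float) -> str:
    """Step 1: build 'base64url(issued_at:nonce).hex(hmac)' so the edge can
    later check both integrity (HMAC) and age (issued_at) without state."""
    payload = f"{int(now)}:{secrets.token_hex(8)}".encode()
    mac = hmac.new(secret, payload, hashlib.sha256).hexdigest()
    return base64.urlsafe_b64encode(payload).decode() + "." + mac


def verify_token(secret: bytes, token: str, now: float) -> bool:
    """Step 3: the hash must match and the token must not be expired."""
    try:
        payload_b64, mac = token.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64.encode())
        issued_at = int(payload.split(b":", 1)[0])
    except (ValueError, TypeError):
        return False                       # malformed token
    expected = hmac.new(secret, payload, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, mac):
        return False                       # signature does not verify
    return 0 <= now - issued_at <= TOKEN_TTL_SECONDS  # not expired, not from the future


def extract_token(headers: dict, body: bytes):
    """Step 2: look in the header, then a form-encoded body, then a JSON body."""
    h = {k.lower(): v for k, v in headers.items()}
    if HEADER_NAME.lower() in h:
        return h[HEADER_NAME.lower()]
    ctype = h.get("content-type", "")
    if ctype.startswith("application/x-www-form-urlencoded"):
        fields = parse_qs(body.decode(errors="replace"))
        return fields.get(FIELD_NAME, [None])[0]
    if ctype.startswith("application/json"):
        try:
            doc = json.loads(body)
        except ValueError:
            return None
        if isinstance(doc, dict) and isinstance(doc.get(FIELD_NAME), str):
            return doc[FIELD_NAME]
    return None


def handle_request(method: str, path: str, headers: dict, body: bytes,
                   secret: bytes, now: float, exempt_prefixes=()):
    """Returns (status, response_headers). 200 models 'passed to the origin'."""
    if any(path.startswith(p) for p in exempt_prefixes):
        return 200, {}                     # opted out of XSRF protection
    if method == "GET":
        # Not HttpOnly on purpose: the page script must read it to echo it back.
        cookie = f"{COOKIE_NAME}={mint_token(secret, now)}; Secure; Path=/"
        return 200, {"Set-Cookie": cookie}
    if method in PROTECTED_METHODS:
        token = extract_token(headers, body)
        if token is not None and verify_token(secret, token, now):
            return 200, {}                 # step 4: valid, forward to origin
        return 406, {}                     # step 5: missing/invalid/expired
    return 200, {}                         # other methods are not state-changing here


if __name__ == "__main__":
    # constructed walk-through: GET issues a token, a POST echoing it is accepted
    key = b"constructed-demo-secret"
    status, hdrs = handle_request("GET", "/", {}, b"", key, 1000.0)
    issued = hdrs["Set-Cookie"].split(";", 1)[0].split("=", 1)[1]
    print(status, handle_request("POST", "/api", {HEADER_NAME: issued}, b"", key, 1010.0)[0])
```

The `exempt_prefixes` parameter models the per-endpoint opt-out the issue asks for; an allow-list of exempt paths is safer than an opt-in list because a forgotten endpoint fails closed with a 406 rather than silently unprotected.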

@mattklein123 mattklein123 added the enhancement Feature requests. Not bugs or questions. label Nov 29, 2016
@mattklein123 mattklein123 added the help wanted Needs help! label Jul 12, 2017
@mattklein123 mattklein123 removed the help wanted Needs help! label Jun 25, 2018
@stale

stale bot commented Jul 26, 2018

This issue has been automatically marked as stale because it has not had activity in the last 30 days. It will be closed in the next 7 days unless it is tagged "help wanted" or other activity occurs. Thank you for your contributions.

@stale stale bot added the stale stalebot believes this issue/PR has not been touched recently label Jul 26, 2018
@stale

stale bot commented Aug 2, 2018

This issue has been automatically closed because it has not had activity in the last 37 days. If this issue is still valid, please ping a maintainer and ask them to label it as "help wanted". Thank you for your contributions.

@stale stale bot closed this as completed Aug 2, 2018
rshriram pushed a commit to rshriram/envoy that referenced this issue Oct 30, 2018
* Add transcoding filter

* fix format
duderino referenced this issue in duderino/envoy Oct 12, 2019
Signed-off-by: Piotr Sikora <piotrsikora@google.com>
PiotrSikora pushed a commit to PiotrSikora/envoy that referenced this issue Aug 2, 2020
…#245)

Waiting on a load stats response can race with resetting
the counters when initializing a watch. Moving the counter
increment prevents the race.

Fixes envoyproxy#11784

Signed-off-by: Matt Klein <mklein@lyft.com>
Signed-off-by: Yuchen Dai <silentdai@gmail.com>

Co-authored-by: Matt Klein <mklein@lyft.com>
jpsim pushed a commit that referenced this issue Nov 28, 2022
This is implemented in Kotlin right now, and should be present in the Swift layer as well. Move the Objective-C logging types to Swift.

Resolves envoyproxy/envoy-mobile#244

Signed-off-by: Michael Rebello <mrebello@lyft.com>
Signed-off-by: JP Simard <jp@jpsim.com>
jpsim pushed a commit that referenced this issue Nov 29, 2022
This is implemented in Kotlin right now, and should be present in the Swift layer as well. Move the Objective-C logging types to Swift.

Resolves envoyproxy/envoy-mobile#244

Signed-off-by: Michael Rebello <mrebello@lyft.com>
Signed-off-by: JP Simard <jp@jpsim.com>
arminabf pushed a commit to arminabf/envoy that referenced this issue Jun 5, 2024
Signed-off-by: spacewander <spacewanderlzx@gmail.com>