Fix incorrect CSP hash constants in check session endpoint#2283

Merged
maartenba merged 2 commits into releases/is/7.4.x from mb/csp on Dec 3, 2025

Conversation

@maartenba (Member)

@maartenba maartenba commented Dec 3, 2025

What issue does this PR address?
https://github.com/orgs/DuendeSoftware/discussions/425

https://demo.duendesoftware.com/connect/checksession shows a CSP error in Chrome/Safari/Firefox.

The CSP includes a hash for the inline script that comes from https://github.com/DuendeSoftware/products/blob/main/identity-server/src/IdentityServer/Endpoints/Results/CheckSessionResult.cs#L54

The hash is stored in a constant at https://github.com/DuendeSoftware/products/blob/main/identity-server/src/IdentityServer/IdentityServerConstants.cs#L238

The hash in code: fa5rxHhZ799izGRP38+h4ud5QXNT0SFaFlh4eqDumBI=
The expected hash: 4Hj97GNFvt0k8A6DbSr2hoRb/RJmCCakAgE+4zuVeHs=

Will need advice on changing the constant vs. reverting the whitespace change in CheckSessionResult.cs

@maartenba maartenba requested a review from damianh December 3, 2025 12:55
@maartenba maartenba self-assigned this Dec 3, 2025
@maartenba maartenba added area/products/is IdentityServer impact/non-breaking The fix or change is not a breaking one labels Dec 3, 2025
@damianh damianh marked this pull request as draft December 3, 2025 13:00
@maartenba maartenba changed the base branch from main to releases/is/7.4.x December 3, 2025 13:08
@damianh (Member)

damianh commented Dec 3, 2025

@maartenba Change the constant. Thanks to you, we have tests now that catch potential future checksession script edits / reformats. If that happens again then we need to change the constant again.
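The mechanism behind both the PR description and the reply above, as an added example that is not IdentityServer code: a browser allows an inline script under a hash-based CSP only if the SHA-256 of the exact bytes between `<script>` and `</script>` matches a `'sha256-…'` source in the header, so any reformatting of the script body silently changes the required constant. The block computes that source expression, extracts inline script bodies from a rendered page, and recomputes the hash against a stored constant, which is the shape of regression test damianh refers to. The script body, page markup, and function names are constructed for illustration; the two hashes quoted in the description are not reproduced because the real script body is not on this page.

```python
import base64
import hashlib
import re

# Constructed sample: a minimal inline script in the style of an OIDC check-session
# page. It is NOT the IdentityServer script (that lives in CheckSessionResult.cs).
SAMPLE_SCRIPT = (
    "window.addEventListener('message', function (e) {\n"
    "    e.source.postMessage('unchanged', e.origin);\n"
    "}, false);"
)

# The same script after a "harmless" reformat (two-space indent instead of four).
# The bytes differ, so the CSP hash differs and the browser refuses to run it.
REFORMATTED_SCRIPT = SAMPLE_SCRIPT.replace("    ", "  ")

# Matches a <script> element; attrs lets us skip external (src=) scripts,
# which are covered by host or nonce sources rather than by a hash.
_SCRIPT_RE = re.compile(
    r"<script(?P<attrs>\s[^>]*)?>(?P<body>.*?)</script>",
    re.DOTALL | re.IGNORECASE,
)


def csp_script_hash(script_body: str) -> str:
    """CSP source expression for an inline script: 'sha256-<base64 of SHA-256>'.

    Browsers hash exactly the UTF-8 bytes of the element content, including any
    leading/trailing whitespace and newlines, so the input must be byte-exact.
    """
    digest = hashlib.sha256(script_body.encode("utf-8")).digest()
    return "sha256-" + base64.b64encode(digest).decode("ascii")


def inline_script_bodies(html: str) -> list[str]:
    """Return the raw body of every inline <script> element in the page, in order."""
    bodies = []
    for match in _SCRIPT_RE.finditer(html):
        attrs = match.group("attrs") or ""
        if re.search(r"\bsrc\s*=", attrs, re.IGNORECASE):
            continue  # external script, not subject to the inline hash
        bodies.append(match.group("body"))
    return bodies


def build_csp(script_body: str) -> str:
    """Header value that lets only this exact inline script execute."""
    return f"default-src 'none'; script-src '{csp_script_hash(script_body)}'"


def render_check_session_page(script_body: str) -> str:
    """Constructed stand-in for a check-session HTML document: one inline script."""
    return (
        "<!DOCTYPE html><html><head><title>Check Session</title></head>"
        f"<body><script>{script_body}</script></body></html>"
    )


def verify_csp_constant(constant: str, html: str) -> tuple[bool, list[str]]:
    """Regression check: recompute the hash from the rendered page and compare it
    with the stored constant. Returns (ok, actual_hashes) so a failing test can
    report what the constant should become after a script edit."""
    actual = [csp_script_hash(body) for body in inline_script_bodies(html)]
    return constant in actual, actual


if __name__ == "__main__":
    # The constant copied into a constants file when the script was first written...
    stored_constant = csp_script_hash(SAMPLE_SCRIPT)
    # ...and the page as served after someone reformatted the script.
    page = render_check_session_page(REFORMATTED_SCRIPT)
    ok, actual = verify_csp_constant(stored_constant, page)
    print("stored constant still matches:", ok)
    print("hash the constant should become:", actual)
```

Running the block reports a mismatch, which is exactly the failure the tests in this PR are meant to surface: the fix is either to update the constant to the recomputed value or to restore the script bytes, never to drop the hash from the policy.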

@maartenba maartenba marked this pull request as ready for review December 3, 2025 13:28
@maartenba maartenba enabled auto-merge December 3, 2025 13:31
@maartenba maartenba changed the title Add tests for wrong CSP hash constants Fix incorrect CSP hash constants in check session endpoint Dec 3, 2025