Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Delay assignment of csrftoken in Graphiql #1289

Merged
merged 1 commit into from
Sep 24, 2022
Merged

Delay assignment of csrftoken in Graphiql #1289

merged 1 commit into from
Sep 24, 2022

Conversation

c-py
Copy link
Contributor

@c-py c-py commented Jan 19, 2022

The csrftoken is currently assigned only when graphiql.js is first loaded.

The current csrftoken can rotated by Django, for instance when a user logs in. rotate_token performs the rotation.

When this happens, the csrftoken held by graphiql.js is invalid and Graphiql will receive CSRF errors.

This PR delays the assignment of the csrftoken by moving it into the httpClient function so when the csrftoken is rotated by Django, Graphiql can pick up the new token from the cookies.

keithhackbarth
keithhackbarth approved these changes Jan 26, 2022
View reviewed changes
Copy link
Collaborator

@keithhackbarth keithhackbarth left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code seems simple and well-written.

@c-py
Copy link
Contributor Author

c-py commented Feb 21, 2022

@keithhackbarth Do you happen to know what I should do to merge this PR? I'm not authorized to do so and the build status is still in orange.

@edwinvandeven
Copy link

Ran into this issue, would be great if this can be merged and included in a future release!

@firaskafri firaskafri self-requested a review September 23, 2022 08:46
@firaskafri firaskafri closed this Sep 24, 2022
@firaskafri firaskafri reopened this Sep 24, 2022
@firaskafri firaskafri merged commit 05d3df9 into graphql-python:main Sep 24, 2022
superlevure pushed a commit to loft-orbital/graphene-django that referenced this pull request Jul 19, 2023
@c-py @superlevure
Delay assignment of csrftoken (graphql-python#1289)
575f292
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@firaskafri firaskafri firaskafri approved these changes

@keithhackbarth keithhackbarth keithhackbarth approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@c-py @edwinvandeven @keithhackbarth @firaskafri