fix: disabled CSRF check for github codespaces #4336
We need to add codespaces URL here

but in dev environment we are already whitelisting everything -
I have tried using upon research I found out this issue will investigate more if there is a solution without disabling it

Hi @niladrix719

Now, while doing the reverse proxy they don't rewrite the Host headers. So, as a result, it fails CSRF verification (request base !== X-Forwarded-Host). In older Rails, it gives preference to the X-Forwarded-Host header instead of the Host header to decide the actual host.

Usually, while using nginx/haproxy/traefik we can rewrite this header, but in Codespaces we can't have that flexibility. So, we may disable CSRF for only GitHub Codespaces.

We can add this configuration to disable the CSRF check in development

If you want to just check whether it's a codespace, you can use the

cc @tachyons

@tanmoysrt thanks, that was a great help. Just one question: can we use the CODESPACES environment variable instead of DEV_CONTAINER to identify codespaces?

Yes you can

Fantastic 🥳

Screen.Recording.2023-12-05.at.8.20.13.PM.mov
I think it's working fine

Code Climate has analyzed commit e1d327b and detected 0 issues on this pull request. View more on Code Climate.

Fixes #4334
Describe the changes you have made in this PR -
disabled CSRF check for github codespaces
Screenshots of the changes (If any) -
Screen.Recording.2023-12-02.at.11.59.22.PM.mov
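
The origin mismatch described in the conversation above, together with a narrowly scoped bypass, as an added example that is not code from this pull request or from Rails. The hostnames, the function names and the `prefer_forwarded` switch are assumptions made for illustration; `CODESPACES` is the environment variable named in the thread.

```ruby
# Added illustration: a simplified model, not Rails source and not this PR's diff.

# Constructed sample request as the app sees it behind a forwarding proxy
# that leaves Host untouched. All hostnames are made up.
SAMPLE_HEADERS = {
  "Host"              => "localhost:3000",
  "X-Forwarded-Host"  => "example-name-3000.app.github.dev",
  "X-Forwarded-Proto" => "https",
  "Origin"            => "https://example-name-3000.app.github.dev"
}.freeze

# Base URL the server believes it is serving. prefer_forwarded models the
# behaviour the thread attributes to older Rails (X-Forwarded-Host wins).
def base_url(headers, prefer_forwarded:)
  host = headers["Host"]
  host = headers.fetch("X-Forwarded-Host", host) if prefer_forwarded
  "#{headers.fetch('X-Forwarded-Proto', 'http')}://#{host}"
end

# Origin check: a present Origin header must equal the base URL exactly.
def origin_ok?(headers, prefer_forwarded:)
  origin = headers["Origin"]
  origin.nil? || origin == base_url(headers, prefer_forwarded: prefer_forwarded)
end

# Hypothetical gate: relax the check only in development AND inside a
# codespace, so a stray CODESPACES=true in production changes nothing.
# In a Rails app this could guard
# config.action_controller.forgery_protection_origin_check (assumption:
# the page does not show which setting the PR actually changed).
def relax_origin_check?(rails_env:, env: ENV)
  rails_env == "development" && env["CODESPACES"] == "true"
end

def request_allowed?(headers, rails_env:, env: ENV, prefer_forwarded: false)
  relax_origin_check?(rails_env: rails_env, env: env) ||
    origin_ok?(headers, prefer_forwarded: prefer_forwarded)
end

if __FILE__ == $PROGRAM_NAME
  puts "base URL from Host:      #{base_url(SAMPLE_HEADERS, prefer_forwarded: false)}"
  puts "base URL from forwarded: #{base_url(SAMPLE_HEADERS, prefer_forwarded: true)}"
  puts "origin check (Host):     #{origin_ok?(SAMPLE_HEADERS, prefer_forwarded: false)}"
  puts "allowed in dev codespace: " +
       request_allowed?(SAMPLE_HEADERS, rails_env: "development",
                        env: { "CODESPACES" => "true" }).to_s
end
```

Gating on both the environment name and the variable keeps the origin check active everywhere except a development codespace.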