
Make random 'state' for github authorization, really random. #4

Open
@marckraw

Description

@marckraw

There is a state option in the authorization to GitHub, which should be "An unguessable random string. It is used to protect against cross-site request forgery attacks." Right now, it is just a hardcoded string, so it definitely doesn't give much protection.

See below:
https://docs.github.com/en/free-pro-team@latest/developers/apps/authorizing-oauth-apps#web-application-flow
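
The following is an added example, not code from this repository or from the issue author. It shows one way to generate a per-login `state`, keep it in the user's server-side session, and check it on the callback. It assumes Node.js; the `session` object, the function names and the 10 minute lifetime are hypothetical choices made for the illustration.

```javascript
// Added example: per-session OAuth `state` for GitHub's web application flow.
const crypto = require('crypto');

const STATE_TTL_MS = 10 * 60 * 1000; // assumption: 10 minutes to finish the login

// Build the authorize URL and remember the state in the server-side session.
// `session` is a hypothetical per-user object (e.g. what a session middleware provides).
function beginAuthorization(session, clientId, redirectUri, now = Date.now()) {
  const state = crypto.randomBytes(32).toString('hex'); // 256 bits from the CSPRNG
  session.oauthState = { value: state, expiresAt: now + STATE_TTL_MS };
  const url = new URL('https://github.com/login/oauth/authorize');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('state', state);
  return url.toString();
}

// Check the `state` query parameter GitHub sends back to the callback.
// Returns true only for the exact value issued to this session, once, before expiry.
function verifyCallbackState(session, returnedState, now = Date.now()) {
  const stored = session.oauthState;
  delete session.oauthState; // single use: consume it whether or not the check passes
  if (!stored || typeof returnedState !== 'string') return false;
  if (now > stored.expiresAt) return false;
  const a = Buffer.from(stored.value);
  const b = Buffer.from(returnedState);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return a.length === b.length && crypto.timingSafeEqual(a, b);
}
```

If `verifyCallbackState` returns false, the callback handler should stop before exchanging the `code` for an access token.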
