Skip to content

fix(spring): CSRF login response for TypeScript forms #21939

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 4 commits into from
Aug 1, 2025
Merged

fix(spring): CSRF login response for TypeScript forms #21939

merged 4 commits into from
Aug 1, 2025

Conversation

platosha
Copy link
Contributor

@platosha platosha added hilla Issues related to Hilla target/24.8 target/24.9 labels Jul 23, 2025
@github-actions GitHub Actions
Copy link

github-actions bot commented Jul 23, 2025
edited
Loading

Test Results

1 237 files  ±0  1 237 suites  ±0   1h 14m 23s ⏱️ - 6m 8s
8 493 tests +1  8 433 ✅ +1  60 💤 ±0  0 ❌ ±0 
8 872 runs  +1  8 805 ✅ +3  67 💤  - 2  0 ❌ ±0 

Results for commit ca788d7. ± Comparison against base commit 7bc36c6.

♻️ This comment has been updated with latest results.

@davidbellem
Copy link

Just out of curiosity: If I see it correctly, this pull request does not add any additional tests to ensure that this behavior won't break again. Does it make sense to have an integration or other test that makes sure stateless security works with CSRF?

@platosha platosha force-pushed the fix/ap/hilla-3697 branch from a32aee3 to b1641ed Compare July 28, 2025 11:58
@vaadin-bot vaadin-bot added +1.0.0 and removed +0.0.1 labels Jul 28, 2025
platosha added a commit to vaadin/hilla that referenced this pull request Jul 28, 2025
@platosha
test(security): verify setup with sessions disabled and stateless sec…
9c03a06 
…urity

Connected to #3697

Depends on vaadin/flow#21939
@platosha platosha mentioned this pull request Jul 28, 2025
Merged
platosha added a commit to vaadin/hilla that referenced this pull request Jul 28, 2025
@platosha
test(security): verify setup with sessions disabled and stateless sec…
1f5aac5 
…urity

Connected to #3697

Depends on vaadin/flow#21939
platosha added a commit to vaadin/hilla that referenced this pull request Jul 28, 2025
@platosha
test(security): verify setup with sessions disabled and stateless sec…
ca73a2e 
…urity

Connected to #3697

Depends on vaadin/flow#21939
@platosha
Copy link
Contributor Author

Just out of curiosity: If I see it correctly, this pull request does not add any additional tests to ensure that this behavior won't break again. Does it make sense to have an integration or other test that makes sure stateless security works with CSRF?

Correct, however, the setup is in the Hilla repository. The issue was not caught previously due to a difference in security config between docs and test setup, see vaadin/hilla#3807 addressing this.

@vaadin-bot vaadin-bot added +0.0.1 and removed +1.0.0 labels Jul 28, 2025
@platosha platosha requested a review from cromoteca July 29, 2025 11:01
@vaadin-bot vaadin-bot added +1.0.0 and removed +0.0.1 labels Jul 30, 2025
@sonarqubecloud SonarQubeCloud
Copy link

Quality Gate Passed Quality Gate passed

Issues
234 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@platosha platosha merged commit e4f755f into main Aug 1, 2025
27 checks passed
@platosha platosha deleted the fix/ap/hilla-3697 branch August 1, 2025 08:17
vaadin-bot pushed a commit that referenced this pull request Aug 1, 2025
@platosha @vaadin-bot
fix(spring): CSRF login response for TypeScript forms (#21939)
431a8b4 
Fixes vaadin/hilla#3697
vaadin-bot pushed a commit that referenced this pull request Aug 1, 2025
@platosha @vaadin-bot
fix(spring): CSRF login response for TypeScript forms (#21939)
21ae2ce 
Fixes vaadin/hilla#3697
vaadin-bot added a commit that referenced this pull request Aug 1, 2025
@vaadin-bot @platosha
fix(spring): CSRF login response for TypeScript forms (#21939) (#21975)
99c5796 
Fixes vaadin/hilla#3697

Co-authored-by: Anton Platonov <anton@vaadin.com>
vaadin-bot added a commit that referenced this pull request Aug 1, 2025
@vaadin-bot @platosha
fix(spring): CSRF login response for TypeScript forms (#21939) (#21974)
be99669 
Fixes vaadin/hilla#3697

Co-authored-by: Anton Platonov <anton@vaadin.com>
platosha added a commit to vaadin/hilla that referenced this pull request Aug 5, 2025
@platosha
test(security): verify setup with sessions disabled and stateless sec…
a1ca6de 
…urity (#3807)

* test(security): verify setup with sessions disabled and stateless security

Connected to #3697

Depends on vaadin/flow#21939

* test(security): assert endpoints in the same test
vaadin-bot pushed a commit to vaadin/hilla that referenced this pull request Aug 5, 2025
@platosha @vaadin-bot
test(security): verify setup with sessions disabled and stateless sec…
ea65f73 
…urity (#3807)

* test(security): verify setup with sessions disabled and stateless security

Connected to #3697

Depends on vaadin/flow#21939

* test(security): assert endpoints in the same test
vaadin-bot pushed a commit to vaadin/hilla that referenced this pull request Aug 5, 2025
@platosha @vaadin-bot
test(security): verify setup with sessions disabled and stateless sec…
330c867 
…urity (#3807)

* test(security): verify setup with sessions disabled and stateless security

Connected to #3697

Depends on vaadin/flow#21939

* test(security): assert endpoints in the same test
Lodin pushed a commit to vaadin/hilla that referenced this pull request Aug 5, 2025
@platosha @Lodin
test(security): verify setup with sessions disabled and stateless sec…
da84afa 
…urity (#3807)

* test(security): verify setup with sessions disabled and stateless security

Connected to #3697

Depends on vaadin/flow#21939

* test(security): assert endpoints in the same test
cromoteca added a commit to vaadin/hilla that referenced this pull request Aug 6, 2025
@vaadin-bot @platosha @cromoteca
test(security): verify setup with sessions disabled and stateless sec…
ba178c2 
…urity (#3807) (CP: 24.9) (#3834)

test(security): verify setup with sessions disabled and stateless security (#3807)

* test(security): verify setup with sessions disabled and stateless security

Connected to #3697

Depends on vaadin/flow#21939

* test(security): assert endpoints in the same test

Co-authored-by: Anton Platonov <platosha@gmail.com>
Co-authored-by: Luciano Vernaschi <luciano@vaadin.com>
cromoteca added a commit to vaadin/hilla that referenced this pull request Aug 6, 2025
@vaadin-bot @platosha @cromoteca
test(security): verify setup with sessions disabled and stateless sec…
66741e4 
…urity (#3807) (CP: 24.8) (#3835)

test(security): verify setup with sessions disabled and stateless security (#3807)

* test(security): verify setup with sessions disabled and stateless security

Connected to #3697

Depends on vaadin/flow#21939

* test(security): assert endpoints in the same test

Co-authored-by: Anton Platonov <platosha@gmail.com>
Co-authored-by: Luciano Vernaschi <luciano@vaadin.com>
Lodin pushed a commit to vaadin/hilla that referenced this pull request Aug 6, 2025
@platosha @Lodin
test(security): verify setup with sessions disabled and stateless sec…
d2a2e03 
…urity (#3807)

* test(security): verify setup with sessions disabled and stateless security

Connected to #3697

Depends on vaadin/flow#21939

* test(security): assert endpoints in the same test
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@mcollovati mcollovati mcollovati approved these changes

@cromoteca cromoteca Awaiting requested review from cromoteca

Assignees
No one assigned
Labels
cherry-picked-24.8 cherry-picked-24.9 hilla Issues related to Hilla target/24.8 target/24.9 +1.0.0
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[24.8] CSRF token handling is broken in Stateless Security
4 participants
@platosha @davidbellem @mcollovati @vaadin-bot