We read every piece of feedback, and take your input very seriously.
To see all available qualifiers, see our documentation.
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
7.6.0
None
If I have two invalid CSRF cookies as a user, I expect to be able to log in without deleting my cookies.
As soon as the CSRF token is set twice, a user will end up in the endless loop and will no longer be able to log in without deleting their cookies.
The solution I have in mind is to search all cookies with the correct name to see if a matching CSRF cookie can be found.
No response
The text was updated successfully, but these errors were encountered:
I solved this bug adding this 2 options in the deployment of Oauth2-proxy @Primexz !
"--cookie-csrf-per-request=true", "--cookie-csrf-expire=5m",
After add this, you have to restart your deployment.
Sorry, something went wrong.
Successfully merging a pull request may close this issue.
OAuth2-Proxy Version
7.6.0
Provider
None
Expected Behaviour
If I have two invalid CSRF cookies as a user, I expect to be able to log in without deleting my cookies.
Current Behaviour
As soon as the CSRF token is set twice, a user will end up in the endless loop and will no longer be able to log in without deleting their cookies.
Screen.Recording.2024-04-10.at.15.20.30.mov
Steps To Reproduce
Possible Solutions
The solution I have in mind is to search all cookies with the correct name to see if a matching CSRF cookie can be found.
Configuration details or additional information
No response
The text was updated successfully, but these errors were encountered: