Skip to content

fix(security): fall back to allowed_origins for CSRF origin validation behind reverse proxies #3437

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
crivetimihai merged 4 commits into from
Mar 6, 2026

test(security): cover empty-scheme-netloc branch in CSRF allowed_orig…

3df4d12
Select commit
Loading
Failed to load commit list.
Merged

fix(security): fall back to allowed_origins for CSRF origin validation behind reverse proxies #3437

test(security): cover empty-scheme-netloc branch in CSRF allowed_orig…
3df4d12
Select commit
Loading
Failed to load commit list.
GitHub Advanced Security / grype completed Mar 6, 2026 in 2s

2 configurations not found

Warning: Code scanning cannot determine the alerts introduced by this pull request, because 2 configurations present on refs/heads/main were not found:

Actions workflow (docker-image.yml)

  • ❓  .github/workflows/docker-image.yml:build-scan-sign

Actions workflow (docker-multiplatform.yml)

  • ❓  .github/workflows/docker-multiplatform.yml:scan

View all branch alerts.