They do, and the patch for this CVE adds a test case for this bug: https://github.com/symfony/symfony/commit/f0ffb775febdf07e57...
I would love for you to try this one and hear your feedback:
https://github.com/Qbix/Platform
It takes the best ideas from CodeIgniter, Symfony, Kohana, Drupal and Doctrine…
Sure, but this was the presence of a bug. In a web framework you can easily have a test that fails when CSRF vulnerabilities are present. It's not some zeroday that has just been published, CSRF has been known for a very long time now.
As a demo, here is a link to an 1100 line file full of such tests for the Rails framework: https://github.com/rails/rails/blob/main/actionpack/test/con...
Indeed, you can also create a Jinja macro to auto-insert the token into all of your forms too; here's a code example[0]. It's a 100% solved problem on both the Flask back-end and the template side, with the ability to opt out of it on the back-end when you need to, such as when accepting webhooks from another service.
[0]: https://github.com/nickjj/build-a-saas-app-with-flask/blob/1...
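As an added example, not code from any commenter nor from the linked Flask, Rails or Symfony repositories, here is a stdlib-only Python sketch of the two ideas in this sub-thread: a form renderer that auto-inserts the CSRF token the way the Jinja macro would, a per-route opt-out for webhook endpoints, and a regression test that fails if the check is ever dropped. All names (`SECRET_KEY`, `csrf_token`, `render_form`, `handle_post`, `regression_tests`) and the session id are constructed for this illustration.

```python
import hmac
import hashlib
from html import escape

# Constructed, hypothetical server secret; a real app loads this from config.
SECRET_KEY = b"constructed-demo-secret-do-not-use"

def csrf_token(session_id: str) -> str:
    """Signed per-session token: a cross-site page cannot compute it without SECRET_KEY."""
    return hmac.new(SECRET_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def render_form(action: str, session_id: str, fields: dict[str, str]) -> str:
    """Stand-in for the Jinja macro: every rendered form gets the hidden token automatically."""
    hidden = f'<input type="hidden" name="csrf_token" value="{csrf_token(session_id)}">'
    inputs = "".join(f'<input name="{escape(k)}" value="{escape(v)}">' for k, v in fields.items())
    return f'<form method="post" action="{escape(action)}">{hidden}{inputs}</form>'

def handle_post(session_id: str, form: dict[str, str], csrf_exempt: bool = False) -> int:
    """Return an HTTP-style status: 403 when the token is absent or wrong.
    csrf_exempt models the per-route opt-out a webhook endpoint needs."""
    if not csrf_exempt:
        submitted = form.get("csrf_token", "")
        # Constant-time comparison so token checking does not leak via timing.
        if not hmac.compare_digest(submitted, csrf_token(session_id)):
            return 403
    return 200

def regression_tests() -> bool:
    """The framework-level test the thread describes: it fails if CSRF protection regresses."""
    sid = "session-abc"  # constructed session id
    html = render_form("/transfer", sid, {"amount": "100"})
    good = {"csrf_token": csrf_token(sid), "amount": "100"}
    forged = {"amount": "100"}  # a cross-site form cannot include the victim's token
    wrong = {"csrf_token": csrf_token("other-session"), "amount": "100"}
    return (
        'name="csrf_token"' in html
        and handle_post(sid, good) == 200
        and handle_post(sid, forged) == 403
        and handle_post(sid, wrong) == 403
        and handle_post(sid, forged, csrf_exempt=True) == 200
    )

if __name__ == "__main__":
    print("csrf regression tests pass:", regression_tests())
```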