Leight Johnson

Results 2 issues of Leight Johnson

`skip_before_action :verify_authenticity_token` prevents the `InvalidAuthenticityToken` while running this behind a reverse proxy. Since it is only used for `development` environments, I don't think there is much risk in doing this....

The `token_is_current?` method in the `DeviseTokenAuth::Concerns::User` module contains a security vulnerability that allows previous tokens to remain valid indefinitely, effectively bypassing the batch request buffer throttle setting. **Current Implementation** In the...