Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[LiveComponent] Check secret is not empty + add [SensitiveParameter] #2461

Merged
merged 1 commit into from
Dec 24, 2024
Merged

[LiveComponent] Check secret is not empty + add [SensitiveParameter] #2461

merged 1 commit into from
Dec 24, 2024

Conversation

smnandre
Copy link
Member

Q A
Bug fix? yes
New feature? no
Issues Fix #...
License MIT

Improve security before we allow secret customization for LiveComponents (cf #2453)

I consider this a fix as passing an empty string for secret produces the same hash as passing null... which is deprecated for obvious reasons.

@smnandre
[LiveComponent] Check secret is not empty + add missing [SensitivePar…
3c3d097 
…ameter]

Improve security before we allow secret customization for LiveComponents (cf symfony#2453)

I consider this a fix as passing an empty string for secret produce the same hash as passing null... which is deprecated for obvious reasons.
@carsonbot carsonbot added Bug Bug Fix LiveComponent Status: Needs Review Needs to be reviewed labels Dec 21, 2024
@smnandre
Copy link
Member Author

(fabbot errors unrelated)

This was referenced Dec 21, 2024
Closed
Merged
@smnandre smnandre added the Security Security Issue label Dec 21, 2024
@carsonbot carsonbot added Status: Reviewed Has been reviewed by a maintainer and removed Status: Needs Review Needs to be reviewed labels Dec 21, 2024
@smnandre smnandre merged commit a63464e into symfony:2.x Dec 24, 2024
58 of 59 checks passed
smnandre added a commit that referenced this pull request Dec 24, 2024
@smnandre
minor #2462 [LiveComponent] Allow configuring secret for fingerprints…
68821ae 
… and checksums (smnandre)

This PR was squashed before being merged into the 2.x branch.

Discussion
----------

[LiveComponent] Allow configuring secret for fingerprints and checksums

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | yes
| Issues        | Fix #2453
| License       | MIT

Allow to configure a dedicated secret (used in FingerprintCalculator and LiveComonentHydrator)

Suggested by `@dkarlovi` in #2453
Implementation inspired by [symfony #56840](symfony/symfony#56840)

Should be merged _after_  #2461

Commits
-------

a641a2e [LiveComponent] Allow configuring secret for fingerprints and checksums
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@kbond kbond kbond approved these changes

@Kocal Kocal Kocal approved these changes

Assignees
No one assigned
Labels
Bug Bug Fix LiveComponent Security Security Issue Status: Reviewed Has been reviewed by a maintainer
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@smnandre @kbond @Kocal @carsonbot