zydronium/getnamingo-registry
1
0
Fork 0
mirror of https://github.com/getnamingo/registry.git synced 2025-08-12 12:29:20 +02:00
Code Issues Projects Releases Packages Wiki Activity

Further WebAuthn fixes

Browse source
This commit is contained in:
Pinga 2023-11-22 13:39:05 +02:00
parent 5dedac6c57
commit 3684970ff9
1 changed files with 18 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

20
cp/bootstrap/app.php
View file

@ -183,14 +183,30 @@ $container->set('validator', function ($container) {
}); });
$container->set('csrf', function($container) use ($responseFactory) { $container->set('csrf', function($container) use ($responseFactory) {
return new Guard($responseFactory); return new Slim\Csrf\Guard($responseFactory);
}); });
$app->add(new \App\Middleware\ValidationErrorsMiddleware($container)); $app->add(new \App\Middleware\ValidationErrorsMiddleware($container));
$app->add(new \App\Middleware\OldInputMiddleware($container)); $app->add(new \App\Middleware\OldInputMiddleware($container));
$app->add(new \App\Middleware\CsrfViewMiddleware($container)); $app->add(new \App\Middleware\CsrfViewMiddleware($container));
$app->add('csrf'); $csrfMiddleware = function ($request, $handler) use ($container) {
$uri = $request->getUri();
$path = $uri->getPath();
// Get the CSRF Guard instance from the container
$csrf = $container->get('csrf');
// Skip CSRF for the specific path
if ($path && $path === '/webauthn/register/verify') {
return $handler->handle($request);
}
// If not skipped, apply the CSRF Guard
return $csrf->process($request, $handler);
};
$app->add($csrfMiddleware);
$app->setBasePath(routePath()); $app->setBasePath(routePath());
require __DIR__ . '/../routes/web.php'; require __DIR__ . '/../routes/web.php';