IRC log for #confidant, 2016-03-25

All times shown according to UTC.

Time Nick Message
00:14 RandyT_ joined #confidant
10:10 wm-bot joined #confidant
18:29 wm-bot GitHub [lyft/confidant] new issue by ryan-lane: Document IAM role policy configuration for auth and blind credentials https://github.com/lyft/confidant/issues/53
18:31 wm-bot GitHub [lyft/confidant] ryan-lane closed issue Add a lambda to ensure KMS auth key grants are created for IAM roles: https://github.com/lyft/confidant/issues/32
21:50 Ryan_Lane abrody: when you tried removing the redis requirement, did you just remove the flask-session and redis stuff?
21:50 Ryan_Lane I think the xsrf session issue can be fixed by checking for the token in both the headers and the cookies
21:51 abrody I don't think I made any code changes for it, just didn't set a redis URL
21:52 Ryan_Lane gotcha. I think I may try to rip out the flask session stuff
21:52 Ryan_Lane cause it looks like it doesn't fall back to normal flask sessions, which use itsdangerous
21:53 abrody Oh it doesn't? I thought I saw it doing that, but I didn't look closely
21:54 Ryan_Lane looking at the docs I can't see that it does, but maybe it does
21:54 Ryan_Lane it looks like it's built specifically for server-side cookie/session management
21:55 Ryan_Lane I'll see if I can get it working fully with normal sessions, then make it configurable whether it uses flask session or itsdangerous sessions
21:56 abrody I definitely was saving data successfully in an encrypted cookie based session (needed for SAML stuff to work)
21:56 Ryan_Lane ah. gotcha.
21:57 abrody But I ran into issues with the CSRF token behaving weirdly
21:57 Ryan_Lane it may just be a matter of making xsrf token code check both in headers and cookies
21:57 Ryan_Lane since only angularjs is going to send both
21:57 abrody I figured it was maybe something to do with the fact that it's an XHR request that sets the token on the session when you call /v1/user/email for the first time
21:58 Ryan_Lane where's the first place you check for it?
21:59 Ryan_Lane I was setting it there because I require auth on /, and just wanted to ensure the token was set somewhere, and the username is loaded early in the angular loading
21:59 Ryan_Lane could really just move it to /
22:05 abrody Yeah I wasn't 100% sure what was going on
22:15 Ryan_Lane hm. getting it from a cookie won't work, because that wouldn't actually be protection from xsrf
22:18 abrody Right