Skip to content

feat(toolbar): Return the CSRF token into the toolbar auth flow for use #106059

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
ryan953 merged 4 commits into from
Jan 12, 2026
Merged

feat(toolbar): Return the CSRF token into the toolbar auth flow for use #106059

ryan953 merged 4 commits into from
Jan 12, 2026
+17 −4

Conversation

@ryan953
Copy link
Member

@ryan953 ryan953 commented Jan 10, 2026

We need the csrf token so the toolbar can make POST/PUT requests and make the toolbar read/write.

@ryan953
feat(toolbar): Return the CSRF token into the toolbar auth flow for use
620284e 
We need the csrf token so the toolbar can make POST/PUT requests and make the toolbar read/write.
@ryan953 ryan953 requested review from a team as code owners January 10, 2026 23:38
@github-actions github-actions bot added the Scope: Backend Automatically applied to PRs that change backend components label Jan 10, 2026
sentry[bot]
sentry bot reviewed Jan 10, 2026
View reviewed changes
sentry[bot]
sentry bot reviewed Jan 10, 2026
View reviewed changes
cursor[bot]
cursor bot reviewed Jan 10, 2026
View reviewed changes
@ryan953
read the csrf cookie from the browser, not in django. it only gets se…
e092c55 
…t by django in the response phase, after this view has finished.
sentry[bot]
sentry bot reviewed Jan 10, 2026
View reviewed changes
billyvg
billyvg approved these changes Jan 12, 2026
View reviewed changes
src/sentry/templates/sentry/toolbar/iframe.html
document.cookie = getCookieValue(cookie, window.location.hostname);
log('Saved a cookie', document.cookie.indexOf(cookie) >= 0);
}
if (csrfToken) {
Copy link
Member

@billyvg billyvg Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Should we log if csrf token isn't found?

Copy link
Member Author

@ryan953 ryan953 Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also important is handling it on the UI side so things gracefully degrade.

There's no Sentry on this page now afaik, we'd need to load in from the CDN, so i'll take that as a followup for this whole html template.

Copy link
Member Author

@ryan953 ryan953 Jan 12, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

but we're relying on middleware... so i think the odds of not having it are low. unless it's misconfigured for this page.

@ryan953 ryan953 merged commit 648a2c5 into master Jan 12, 2026
66 checks passed
@ryan953 ryan953 deleted the ryan953/toolbar-POST-with-csfr-token branch January 12, 2026 22:55
@github-actions github-actions bot mentioned this pull request Jan 13, 2026
Open
@ryan953 ryan953 mentioned this pull request Jan 14, 2026
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@sentry sentry[bot] sentry[bot] left review comments

@cursor cursor[bot] cursor[bot] left review comments

@billyvg billyvg billyvg approved these changes

Assignees

No one assigned

Labels

Scope: Backend Automatically applied to PRs that change backend components

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@ryan953 @billyvg