Skip to content

[LiveComponent] Check secret is not empty + add [SensitiveParameter] #2461

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Dec 24, 2024
Merged

[LiveComponent] Check secret is not empty + add [SensitiveParameter] #2461

merged 1 commit into from
Dec 24, 2024

Conversation

@smnandre
Copy link
Member

@smnandre smnandre commented Dec 21, 2024

Q A
Bug fix? yes
New feature? no
Issues Fix #...
License MIT

Improve security before we allow secret customization for LiveComponents (cf #2453)

I consider this a fix as passing an empty string for secret produces the same hash as passing null... which is deprecated for obvious reasons.

@smnandre
[LiveComponent] Check secret is not empty + add missing [SensitivePar…
3c3d097 
…ameter]

Improve security before we allow secret customization for LiveComponents (cf symfony#2453)

I consider this a fix as passing an empty string for secret produce the same hash as passing null... which is deprecated for obvious reasons.
@carsonbot carsonbot added Bug Bug Fix LiveComponent Status: Needs Review Needs to be reviewed labels Dec 21, 2024
@smnandre
Copy link
Member Author

smnandre commented Dec 21, 2024

(fabbot errors unrelated)

This was referenced Dec 21, 2024
Closed
Merged
@carsonbot carsonbot added Status: Reviewed Has been reviewed by a maintainer and removed Status: Needs Review Needs to be reviewed labels Dec 21, 2024
@smnandre smnandre merged commit a63464e into symfony:2.x Dec 24, 2024
58 of 59 checks passed
smnandre added a commit that referenced this pull request Dec 24, 2024
@smnandre
minor #2462 [LiveComponent] Allow configuring secret for fingerprints…
68821ae 
… and checksums (smnandre)

This PR was squashed before being merged into the 2.x branch.

Discussion
----------

[LiveComponent] Allow configuring secret for fingerprints and checksums

| Q             | A
| ------------- | ---
| Bug fix?      | no
| New feature?  | yes
| Issues        | Fix #2453
| License       | MIT

Allow to configure a dedicated secret (used in FingerprintCalculator and LiveComonentHydrator)

Suggested by `@dkarlovi` in #2453
Implementation inspired by [symfony #56840](symfony/symfony#56840)

Should be merged _after_  #2461

Commits
-------

a641a2e [LiveComponent] Allow configuring secret for fingerprints and checksums
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@kbond kbond kbond approved these changes

@Kocal Kocal Kocal approved these changes

Assignees

No one assigned

Labels

Bug Bug Fix LiveComponent Status: Reviewed Has been reviewed by a maintainer

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@smnandre @kbond @Kocal @carsonbot