🐛 [Bug]: CSRF middleware default ContextKey and PassLocalsToViews #2682

Closed
3 tasks done
ly020044 opened this issue Oct 19, 2023 · 4 comments · Fixed by gofiber/template#307

Comments

@ly020044
Contributor

Bug Description

I'm using the csrf middleware, and with v2.49.2 it worked. But after upgrading to v2.50.0, errors occur when visiting any page.

failed to render: [Error (where: checkForValidIdentifiers)] context-key 'fiber.csrf.handler' (value: '&{config:0x14001198a00 sessionManager:<nil> storageManager:0x14000842e80}') is not a valid identifier

If I change the csrf config to HandlerContextKey="csrf", it works. This is because the default value of HandlerContextKey is fiber.csrf.handle, so the default value contains the . character. .xx is usually used in templates to access properties or methods.

How to Reproduce

Steps to reproduce the behavior:

  1. Set fiber.Config PassLocalsToViews: true
  2. Use django html engine.
  3. Use CSRF middleware

Expected Behavior

Can visit all pages.

Fiber Version

v2.50.0

Code Snippet (optional)

package main

import (
	"log"

	"github.com/gofiber/fiber/v2"
	"github.com/gofiber/fiber/v2/middleware/csrf"
	"github.com/gofiber/template/django/v3"
)

func main() {
	engine := django.New("./views", ".html")

	// Pass the engine to the Views
	app := fiber.New(fiber.Config{
		Views:             engine,
		PassLocalsToViews: true,
	})

	app.Use(csrf.New())

	app.Get("/", func(c *fiber.Ctx) error {
		// Render index
		return c.Render("index", fiber.Map{
			"Title": "Hello, World!",
		})
	})

	log.Fatal(app.Listen(":3000"))
}

Checklist:

  • I agree to follow Fiber's Code of Conduct.
  • I have checked for existing issues that describe my problem prior to opening this one.
  • I understand that improperly formatted bug reports may be closed without explanation.
@ReneWerner87
Member

@sixcolors can you help here?

@sixcolors sixcolors changed the title 🐛 [Bug]: CSRF middleware issue 🐛 [Bug]: CSRF middleware default context key and PassLocalsToViews Oct 19, 2023
@sixcolors sixcolors changed the title 🐛 [Bug]: CSRF middleware default context key and PassLocalsToViews 🐛 [Bug]: CSRF middleware default ContextKey and PassLocalsToViews Oct 19, 2023
@sixcolors
Member

sixcolors commented Oct 19, 2023

@ly020044 I am looking into this now. It doesn't cause errors with any other supported fiber template engine.

@sixcolors
Member

sixcolors commented Oct 19, 2023

gofiber/template/django/v3 will pass keys to Pongo2 that do not meet the regex in checkForValidIdentifiers()

The regex is:

var reIdentifiers = regexp.MustCompile("^[a-zA-Z0-9_]+$")

I have created a PR that will exclude any KVP that has an "invalid identifier".

Fixed in gofiber/template#307
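
The filtering described in the comment above, as an added example that is not part of the original thread and not the code from gofiber/template#307: a Go sketch that merges request locals into template bindings and skips any key that fails the quoted regex. The helper `mergeLocals` and the sample maps are hypothetical and constructed for illustration.

```go
package main

import (
	"fmt"
	"regexp"
	"sort"
)

// Pattern quoted in the thread from Pongo2's checkForValidIdentifiers().
var reIdentifiers = regexp.MustCompile("^[a-zA-Z0-9_]+$")

// mergeLocals is a hypothetical helper, not Fiber or gofiber/template code.
// It copies request locals into the template bindings, never overriding a key
// the handler set explicitly, and skips keys the engine would reject.
// It returns the skipped keys, sorted, so they can be logged.
func mergeLocals(bind, locals map[string]interface{}) []string {
	var skipped []string
	for key, val := range locals {
		if !reIdentifiers.MatchString(key) {
			skipped = append(skipped, key)
			continue
		}
		if _, exists := bind[key]; !exists {
			bind[key] = val
		}
	}
	sort.Strings(skipped)
	return skipped
}

func main() {
	// Constructed sample data: what a handler passes to Render, and the
	// locals that middleware stored on the request.
	bind := map[string]interface{}{"Title": "Hello, World!"}
	locals := map[string]interface{}{
		"fiber.csrf.handler": struct{}{}, // default key from the error above
		"csrf":               "constructed-token",
		"Title":              "from-locals",
	}
	skipped := mergeLocals(bind, locals)
	fmt.Println("skipped keys:", skipped)
	fmt.Println("Title:", bind["Title"], "csrf:", bind["csrf"])
}
```

Skipping rather than failing keeps internal middleware objects, such as the handler struct printed in the error message, out of the template context while the page still renders.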

@sixcolors
Member

I have submitted a proposal related to this issue: #2684
