fix: Increase entropy of state string for OAuth process

closes #2663
Tom Moor
2021-10-14 16:52:19 -07:00
parent 6a1566c275
commit 2219cfd83e


@@ -9,7 +9,8 @@ export class StateStore {
key: string = "state";
store = (req: Request, callback: (err: ?Error, state?: string) => void) => {
const state = Math.random().toString(36).substring(7);
// Produce an 8-character random string as state
const state = Math.random().toString(36).slice(-8);
// $FlowFixMe
req.cookies.set(this.key, state, {
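Review bot: The added line `const state = Math.random().toString(36).slice(-8);` still derives the OAuth `state` from `Math.random()`, which is not a cryptographically secure generator, so the value written to the cookie to bind the callback to the originating request remains predictable in principle however long it is. Eight base-36 characters also cap it at roughly 41 bits, and `slice(-8)` returns fewer characters whenever the base-36 expansion happens to be short. Assuming this runs server-side in Node (it sets a cookie on `req`), I would take the value from the platform CSPRNG instead, `const state = crypto.randomBytes(16).toString("hex");` with `import crypto from "crypto";` at the top of the file, and change the comment to `// Produce a 128-bit random state value from the CSPRNG`. The body of `store` continues past the end of this hunk, so the cookie options and the matching verify step are not visible here.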