mirror of
https://github.com/fastapi-users/fastapi-users.git
synced 2026-03-13 07:49:55 +08:00
🛡️ Security Fix
----------------

A CSRF vulnerability was identified in the OAuth2 flow. To mitigate this, the authorize endpoint will set a cookie in the response, and this cookie will be expected in the callback request. In most cases, this change should work out-of-the-box, but in certain scenarios (e.g. cross-domain setups), additional configuration may be required for the cookie to be correctly sent and received. [[Read more](https://fastapi-users.github.io/fastapi-users/dev/configuration/oauth/#csrf-cookie-configuration)]

**Thanks to @davidbors-snyk from [Snyk](https://github.com/snyk) for his research, responsible disclosure, and assistance in fixing this issue.**

Improvements
------------

* Bump dependencies
    * `python-multipart ==0.0.21`
    * `pwdlib[argon2,bcrypt] ==0.3.0`
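
The cookie-bound callback check described under Security Fix, as an added standard-library sketch that is not fastapi-users code. The cookie name, signing key, state format and the `authorize`/`callback` helpers are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, secrets
from http.cookies import SimpleCookie

STATE_SECRET = b"constructed-demo-secret"  # assumption: server-side signing key
CSRF_COOKIE = "oauth_csrf"                 # hypothetical cookie name

def _mac(body: str) -> str:
    return hmac.new(STATE_SECRET, body.encode(), hashlib.sha256).hexdigest()

def make_state(claims: dict) -> str:
    body = base64.urlsafe_b64encode(json.dumps(claims).encode()).decode()
    return f"{body}.{_mac(body)}"

def read_state(state: str):
    body, _, mac = state.partition(".")
    if not hmac.compare_digest(mac.encode(), _mac(body).encode()):
        return None  # forged or altered state
    return json.loads(base64.urlsafe_b64decode(body))

def authorize(cross_site: bool = False):
    """Authorize step: return (state for the provider URL, Set-Cookie value)."""
    token = secrets.token_urlsafe(32)
    jar = SimpleCookie()
    jar[CSRF_COOKIE] = token
    morsel = jar[CSRF_COOKIE]
    morsel["path"] = "/"
    morsel["max-age"] = 3600
    morsel["httponly"] = True
    morsel["secure"] = True
    # SameSite=Lax is still sent on the provider's top-level redirect back.
    # A frontend on another site calling the API needs SameSite=None + Secure.
    morsel["samesite"] = "None" if cross_site else "Lax"
    return make_state({"csrf": token}), morsel.OutputString()

def callback(state: str, cookie_header):
    """Callback step: accept only if this browser holds the matching cookie."""
    claims = read_state(state)
    jar = SimpleCookie(cookie_header or "")
    if claims is None or CSRF_COOKIE not in jar:
        return False  # a state started in another browser session ends here
    return hmac.compare_digest(jar[CSRF_COOKIE].value.encode(),
                               str(claims.get("csrf", "")).encode())
```

A validly signed state is not enough on its own: the callback is rejected unless the same browser also presents the cookie issued at the authorize step.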