Markers
Table of Contents
| src/IndieAuthException.php | 1 |
| src/Middleware/DoubleSubmitCookieCsrfMiddleware.php | 1 |
| src/Server.php | 6 |
| src/Storage/FilesystemJsonStorage.php | 1 |
IndieAuthException.php
| Type | Line | Description |
|---|---|---|
| TODO | 34 | should this one be a 500 because it’s an internal server error, or a 400 because the client_id was likely invalid? Is anyone ever going to notice, or care? |
DoubleSubmitCookieCsrfMiddleware.php
| Type | Line | Description |
|---|---|---|
| TODO | 129 | make sure CSRF token isn’t the empty string, possibly also check that it’s the same length |
Server.php
| Type | Line | Description |
|---|---|---|
| TODO | 465 | support method = plain as well as S256. |
| TODO | 503 | return an error if the token doesn’t contain a me key. |
| TODO | 734 | in order to comply with https://datatracker.ietf.org/doc/html/rfc6749#section-4.1.2.1, |
| TODO | 762 | if/when client_id gets normalised, we might have to do a normalised comparison rather than plain string comparison here. |
| TODO | 873 | support method = plain as well as S256. |
| TODO | 910 | return an error if the token doesn’t contain a me key. |
FilesystemJsonStorage.php
| Type | Line | Description |
|---|---|---|
| TODO | 299 | ensure that the calculated path is a child of $this->path. |