[LiveComponent] Allow configuring secret for fingerprints and checksums #2462

Merged on Dec 24, 2024 (1 commit)

smnandre (Member)

| Q | A |
| --- | --- |
| Bug fix? | no |
| New feature? | yes |
| Issues | Fix #2453 |
| License | MIT |

Allow configuring a dedicated secret (used in FingerprintCalculator and LiveComponentHydrator)

Suggested by @dkarlovi in #2453
Implementation inspired by symfony #56840

Should be merged after #2461

@Kocal (Member) left a comment


It's an interesting approach, are there any plans to open a PR on symfony/recipes?

@carsonbot added the "Status: Reviewed" label and removed the "Status: Needs Review" label on Dec 22, 2024

@smnandre (Member, Author)

Not at all, why?

@kbond (Member) commented Dec 23, 2024

Are there any considerations we need to make regarding: https://symfony.com/blog/new-in-symfony-7-2-optional-secret ?

@smnandre (Member, Author)

@kbond I don't think so, if I understand this correctly

With these changes, if you enable a feature that requires a secret but have not configured one, Symfony will throw an exception with a clear message explaining how to resolve the issue.

But that's one of the reasons this PR checks for empty secrets: #2461

@Kocal (Member) commented Dec 23, 2024

> Not at all, why?

For pure user-DX, I believe creating recipes with commented/default options is nice to have

@smnandre (Member, Author)

This would be the only option for the live_component package... so I'm not sure we want to annoy existing apps with a new file for this only... it's more a power-user to me and can lead to very bad/insecure choices :|

I guess this is something we will do easier when centralized (at least a bit) in UX Bundle

@Kocal (Member) commented Dec 23, 2024

Makes sense, thanks! :)

@smnandre force-pushed the feat/configure-live-secret branch from 339ef20 to a641a2e on December 24, 2024 05:25
@smnandre merged commit 68821ae into symfony:2.x on Dec 24, 2024
1 check was pending
Labels: Feature, LiveComponent, Security, Status: Reviewed

Successfully merging this pull request may close these issues:

[LiveComponent] Allow specifying a live-component specific secret which defaults to kernel.secret