feat: add state parameter to OAuth strategies for enhanced security by Yukaii · Pull Request #1902 · hackmdio/codimd
Pull Request Overview
This PR adds a "state" parameter to various OAuth strategies in order to enhance security across authentication providers.
- Add "state: true" configuration to OAuth strategies for Twitter, Google, GitLab, GitHub, Facebook, Dropbox, and Bitbucket.
- Update trailing commas for consistency in the configuration objects.
Reviewed Changes
Copilot reviewed 7 out of 7 changed files in this pull request and generated no comments.
| File | Description |
|---|---|
| lib/auth/twitter/index.js | Added "state: true" to Twitter strategy (OAuth 1.0) configuration. |
| lib/auth/google/index.js | Added "state: true" to Google strategy configuration. |
| lib/auth/gitlab/index.js | Added "state: true" to GitLab strategy configuration. |
| lib/auth/github/index.js | Added "state: true" to GitHub strategy configuration. |
| lib/auth/facebook/index.js | Added "state: true" to Facebook strategy configuration. |
| lib/auth/dropbox/index.js | Added "state: true" to Dropbox strategy configuration. |
| lib/auth/bitbucket/index.js | Added "state: true" to Bitbucket strategy configuration. |
Comments suppressed due to low confidence (1)
lib/auth/twitter/index.js:16
- TwitterStrategy is based on OAuth 1.0a, which typically does not support the state parameter. Please verify if including the state parameter for enhanced security is intended in this context.
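
What a session-bound `state` value does in the OAuth 2.0 authorization-code flows listed above, as an added example (not code from this pull request, CodiMD, or its authentication library): the callback is accepted only when it returns the value minted for the same session. The function names, provider URL, client values and 10-minute lifetime are assumptions made for illustration.

```javascript
// Added illustration: session-bound OAuth 2.0 state (hypothetical helper names).
const crypto = require('node:crypto');

const STATE_TTL_MS = 10 * 60 * 1000; // assumed lifetime of a pending login

// Step 1: before redirecting to the provider, mint an unguessable value,
// store it in the server-side session, and send it in the authorization URL.
function beginAuthorization(session, { authorizeUrl, clientId, redirectUri }, now = Date.now()) {
  const state = crypto.randomBytes(32).toString('base64url');
  session.oauthState = { value: state, expires: now + STATE_TTL_MS };
  const url = new URL(authorizeUrl);
  url.searchParams.set('response_type', 'code');
  url.searchParams.set('client_id', clientId);
  url.searchParams.set('redirect_uri', redirectUri);
  url.searchParams.set('state', state);
  return url.toString();
}

// Step 2: on the callback, accept the code only if the returned state matches
// the value stored in this session. The stored value is single-use.
function verifyCallback(session, query, now = Date.now()) {
  const pending = session.oauthState;
  delete session.oauthState; // consume even when verification fails
  if (!pending || typeof query.state !== 'string') return false;
  if (now > pending.expires) return false;
  const expected = Buffer.from(pending.value);
  const received = Buffer.from(query.state);
  // timingSafeEqual throws on unequal lengths, so compare lengths first.
  return expected.length === received.length && crypto.timingSafeEqual(expected, received);
}

// Constructed sample: placeholder provider endpoint and client values.
function demo() {
  const provider = {
    authorizeUrl: 'https://provider.example/oauth/authorize',
    clientId: 'example-client-id',
    redirectUri: 'https://notes.example/auth/callback',
  };
  const userSession = {};
  const sent = new URL(beginAuthorization(userSession, provider)).searchParams.get('state');
  const legitimate = verifyCallback(userSession, { code: 'abc', state: sent });
  const replayed = verifyCallback(userSession, { code: 'abc', state: sent }); // already consumed
  const otherSession = {};
  beginAuthorization(otherSession, provider);
  const crossSession = verifyCallback(otherSession, { code: 'abc', state: sent });
  const missing = verifyCallback({}, { code: 'abc' }); // callback with no state at all
  return { legitimate, replayed, crossSession, missing };
}
```

Only the first callback in `demo()` is accepted; a replayed callback, a callback carrying another session's state, and a callback with no state are all rejected.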