Endpoint route metadata that is applied and never evaluated might be problematic #8526

Closed
DamianEdwards opened this issue Mar 14, 2019 · 3 comments
Labels: area-mvc (Includes: MVC, Actions and Controllers, Localization, CORS, most templates); enhancement (This issue represents an ask for new feature or an enhancement to an existing one); ✔️ Resolution: Duplicate (Resolved as a duplicate of another issue)

@DamianEdwards
Member

It's very easy to add required endpoint metadata that won't be evaluated at all, which in some cases could be a security issue (e.g. authorization) from the point of view of the user. Idea here is to enable marking metadata as requiring to be evaluated and if it isn't by execution, throw. This could also be codified at design/compile-time with analyzers.

@rynowak @davidfowl
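
A sketch of the "mark metadata as requiring evaluation, throw if it was not" idea described above, as an added example that is not part of the original issue and is not ASP.NET Core's own implementation. It assumes ASP.NET Core 6+ minimal hosting; `IMustBeEvaluated`, `RequireHeader` and `EvaluationGuard` are hypothetical names, and the header check is a stand-in for a real security policy.

```csharp
// Program.cs for ASP.NET Core 6+ (web SDK implicit usings assumed).
// IMustBeEvaluated, RequireHeader and EvaluationGuard are hypothetical, not framework types.
var app = WebApplication.CreateBuilder(args).Build();
app.UseRouting();
// Consumer: evaluates RequireHeader metadata and records that it did so.
// Remove this block to reproduce the problem: metadata applied, never read.
app.Use(async (context, next) =>
{
    var rule = context.GetEndpoint()?.Metadata.GetMetadata<RequireHeader>();
    if (rule is not null)
    {
        EvaluationGuard.MarkEvaluated(context, rule);
        if (!context.Request.Headers.ContainsKey(rule.Name))
        {
            context.Response.StatusCode = StatusCodes.Status403Forbidden;
            return;
        }
    }
    await next(context);
});
// Guard: must be the last middleware before the endpoint executes; fails closed.
app.Use(async (context, next) =>
{
    EvaluationGuard.ThrowIfUnevaluated(context);
    await next(context);
});
// Constructed sample endpoint and header name.
app.MapGet("/internal", () => "ok").WithMetadata(new RequireHeader("X-Sample-Header"));
app.Run();

interface IMustBeEvaluated { }   // marker: some middleware must read this metadata
sealed record RequireHeader(string Name) : IMustBeEvaluated;
static class EvaluationGuard
{
    private sealed record Evaluated(IMustBeEvaluated Metadata);   // private Items key type
    public static void MarkEvaluated(HttpContext ctx, IMustBeEvaluated m) =>
        ctx.Items[new Evaluated(m)] = true;
    public static void ThrowIfUnevaluated(HttpContext ctx)
    {
        var endpoint = ctx.GetEndpoint();
        if (endpoint is null) return;   // no endpoint matched, nothing to enforce
        foreach (var m in endpoint.Metadata.GetOrderedMetadata<IMustBeEvaluated>())
            if (!ctx.Items.ContainsKey(new Evaluated(m)))
                throw new InvalidOperationException(
                    $"'{endpoint.DisplayName}' carries {m.GetType().Name} metadata that no middleware evaluated.");
    }
}
```

With the consumer block removed, a request to `/internal` fails with the exception instead of running the handler unprotected.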

DamianEdwards added the area-mvc label Mar 14, 2019
DamianEdwards changed the title from "Endpoint route metadata might be applied that is never evaluated" to "Endpoint route metadata that is applied and never evaluated might be problematic" Mar 14, 2019
rynowak added the enhancement label Mar 15, 2019
rynowak self-assigned this Mar 15, 2019
rynowak added this to the 3.0.0-preview4 milestone Mar 15, 2019
danroth27 assigned pranavkm and unassigned rynowak Apr 9, 2019
@pranavkm
Contributor

pranavkm commented Apr 9, 2019

Is this the same issue as #9041 or do we need a more general purpose way of signalling that a metadata was evaluated?

@rynowak
Member

rynowak commented Apr 10, 2019

This is the same as #9041 - we're just fixing this for the security-related metadata. I don't think we have to try to extract a user-facing feature from this.

@pranavkm
Contributor

Closing as dup in that case.

pranavkm added the ✔️ Resolution: Duplicate label Apr 10, 2019
pranavkm removed this from the 3.0.0-preview5 milestone Apr 10, 2019
ghost locked as resolved and limited conversation to collaborators Dec 3, 2019