Skip to content

refactor(AppFramekwork): Clarify SecurityMiddleware security checks#62322

Draft
joshtrichards wants to merge 7 commits into
masterfrom
jtr/refactor-security-middleware
Draft

refactor(AppFramekwork): Clarify SecurityMiddleware security checks#62322
joshtrichards wants to merge 7 commits into
masterfrom
jtr/refactor-security-middleware

Conversation

@joshtrichards

Copy link
Copy Markdown
Member
  • Resolves: #

Summary

Refactor SecurityMiddleware::beforeController() to make its security policy easier to follow without changing the established check order.

  • Move metadata into clear predicates for cleaner authorization, cookie, and CSRF checks.
  • Document compatibility behavior and policy rationale.
  • Clean up outdated comments.
  • Crucial: Retain original validation order to ensure error exceptions remain identical.

Notes

The Bearer authorization-scheme check is now case-insensitive, consistent with HTTP authentication-scheme matching.

TODO

  • Confirm all existing tests pass
  • Fill in test gaps:
    • AppAPI-without-user
    • authorized-admin-setting delegation
    • denied admin IPs.

Checklist

AI (if applicable)

  • The content of this PR was partly or fully generated using AI

- Move metadata into clear predicates for cleaner authorization, cookie, and CSRF checks.
- Document compatibility behavior and policy rationale.
- Clean up outdated comments.
- Crucial: Retain original validation order to ensure error exceptions remain identical.

Signed-off-by: Josh <josh.t.richards@gmail.com>
Signed-off-by: Josh <josh.t.richards@gmail.com>
@joshtrichards joshtrichards added 2. developing Work in progress developer experience ♻️ refactor Refactor code (not a bug fix, not a feature just refactoring) labels Jul 18, 2026
@joshtrichards joshtrichards changed the title refactor(security): Clarify SecurityMiddleware controller security checks refactor(AppFramekwork): Clarify SecurityMiddleware security checks Jul 18, 2026
Align / make more consistent

Signed-off-by: Josh <josh.t.richards@gmail.com>
Signed-off-by: Josh <josh.t.richards@gmail.com>
Signed-off-by: Josh <josh.t.richards@gmail.com>
Signed-off-by: Josh <josh.t.richards@gmail.com>
Signed-off-by: Josh <josh.t.richards@gmail.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

2. developing Work in progress developer experience ♻️ refactor Refactor code (not a bug fix, not a feature just refactoring)

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant