https://deploy-preview-674--k8s-prow.netlify.app/docs/components/core/deck/ Recent content in Deck on Prow Hugo en https://deploy-preview-674--k8s-prow.netlify.app/docs/components/core/deck/github-oauth-setup/ Mon, 01 Jan 0001 00:00:00 +0000 https://deploy-preview-674--k8s-prow.netlify.app/docs/components/core/deck/github-oauth-setup/ <p>This document helps configure GitHub Oauth, which is required for <a href="https://prow.k8s.io/pr">PR Status</a> and for the rerun button on <a href="https://prow.k8s.io">Prow Status</a>. If OAuth is configured, Prow will perform GitHub actions on behalf of the authenticated users. This is necessary to fetch information about pull requests for the PR Status page and to authenticate users when checking if they have permission to rerun jobs via the rerun button on Prow Status.</p> <h2 id="set-up-secrets">Set up secrets</h2> <p>The following steps will show you how to set up an OAuth app.</p> https://deploy-preview-674--k8s-prow.netlify.app/docs/components/core/deck/csrf/ Mon, 01 Jan 0001 00:00:00 +0000 https://deploy-preview-674--k8s-prow.netlify.app/docs/components/core/deck/csrf/ <p>In Deck, we make a number of <code>POST</code> requests that require user authentication. These requests are susceptible to <a href="https://en.wikipedia.org/wiki/Cross-site_request_forgery">cross site request forgery (CSRF) attacks</a>, in which a malicious actor tricks an already authenticated user into submitting a form to one of these endpoints and performing one of these protected actions on their behalf.</p> <h2 id="protection">Protection</h2> <p>If <code>--cookie-secret</code> is 32 or more bytes long, CSRF protection is automatically enabled. If <code>--rerun-creates-job</code> is specified, CSRF protection is required, and accordingly, <code>--cookie-secret</code> must be 32 bytes long.</p>