Mathijs de Bruin
Mathijs de Bruin
I've given this some thought, I think indeed it would be best to 'slugify' the URL on the client side (not on the server side). I'll need to analyse more...
> https://github.com/Chainlit/chainlit/blob/main/frontend/src/components/molecules/messages/components/Avatar.tsx#L31 What I'm saying is a clean fix is to move filename sanitation (`avatar_id.strip().lower().replace(" ", "_")`) to the client side and enforce 'clean' URL's. I realise we need to...
I'm not gonna allow ~~spaces~~dots here though. That's exactly the kinda stuff which makes the code more prone to bugs. I'm looking forward (or will roll) a patch which will...
Cleaner proposal, proper client-side sanitation. We want to server to be conservative. Going forward, let's aim for industry-standard security. 😻 🗝️ See #1420. We'll either roll that one or #1418...
Effectively, it seems that logout is not implemented for oauth. Not sure whether this is a bug or a feature, but I can definitely validate this.
Hey everyone, here's a little update on this saga which admittedly, is far from an ideal situation. Let me start by stating clearly that _getting all auth stuff out of...
TLDR; Initial testing with #1362 suggests that: * GH respects `prompt=consent` * Descope only respects `prompt=login` I'd love to have feedback on (and don't have scope to test) other OAuth...
Quick update; we'll do a RC with #1362 on Wednesday, solving the UX part of this issue.
Thanks for the feedback! Given the current implementation, this is expected behaviour; `mount_chainlit()` will 'grab' all of the URL space once it's executed. Hence it should be called _after_ any...
Thanks for the contrib! @qtangs is currently working on a full refactor of the SQLAlchemy stuff, I already asked him to take this into account. It would be good to...