Andrew Dolgov
|
0a142912d3
|
backend handler: require CSRF, remove obsolete code
|
2020-09-15 18:08:08 +03:00 |
Andrew Dolgov
|
154417d80b
|
public/logout: require valid CSRF token
|
2020-09-15 16:59:11 +03:00 |
Andrew Dolgov
|
8080c525fd
|
- backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
|
2020-09-15 16:12:53 +03:00 |
Andrew Dolgov
|
7e50c6c4b5
|
- enable CSRF support earlier
- remove rpc/sanityCheck from CSRF-excluded calls
|
2020-09-15 15:32:17 +03:00 |
Andrew Dolgov
|
b4cb67e77f
|
remove csrf token from rpc method sanityCheck
|
2020-09-14 20:00:01 +03:00 |
Andrew Dolgov
|
d01ad09800
|
eslint-related fixes; move a few things from global context to App
|
2020-06-05 07:44:57 +03:00 |
Andrew Dolgov
|
88027d7a39
|
fix various minor issues reported by eslint
|
2020-06-04 23:27:22 +03:00 |
Andrew Dolgov
|
9d28b3ac50
|
unify prefs/main App objects, remove fake classes, use single static App object instead
|
2020-06-04 22:19:23 +03:00 |