Andrew Dolgov
|
0a142912d3
|
backend handler: require CSRF, remove obsolete code
|
4 years ago |
Andrew Dolgov
|
154417d80b
|
public/logout: require valid CSRF token
|
4 years ago |
Andrew Dolgov
|
8080c525fd
|
- backend: require CSRF token to be passed via POST
- do not leak CSRF token via GET request in feed debugger
- rework Article/redirect to use POST
|
4 years ago |
Andrew Dolgov
|
7e50c6c4b5
|
- enable CSRF support earlier
- remove rpc/sanityCheck from CSRF-excluded calls
|
4 years ago |
Andrew Dolgov
|
b4cb67e77f
|
remove csrf token from rpc method sanityCheck
|
4 years ago |
Andrew Dolgov
|
d01ad09800
|
eslint-related fixes; move a few things from global context to App
|
5 years ago |
Andrew Dolgov
|
88027d7a39
|
fix various minor issues reported by eslint
|
5 years ago |
Andrew Dolgov
|
9d28b3ac50
|
unify prefs/main App objects, remove fake classes, use single static App object instead
|
5 years ago |