    Remove "assertion" GET param from token requests · e0e23bde
    Nick Stenning authored
    When fetching a JWT from the server, the client needs to supply the
    session CSRF token in order to prevent third-party pages from being able
    to fetch and use tokens without the user's permission.
    
    Previously, it was necessary to supply this token in the "assertion" GET
    parameter -- in an attempt to make this look a bit like an OAuth token
    issuance API -- but in Pyramid 1.7 this isn't allowed, and it turns out
    not to be necessary, because Angular's CSRF support retrieves the token
    from an XSRF-TOKEN cookie set in earlier requests and sets the
    X-CSRF-Token request header automatically.
Name
annotator
directive
filter
test
util
vendor
annotation-mapper.js
annotation-metadata.js
annotation-sync.coffee
annotation-ui-controller.js
annotation-ui-sync.js
annotation-ui.js
annotation-viewer-controller.js
app-controller.js
app.js
auth.js
bridge.coffee
build-thread.js
cross-frame.coffee
date-util.js
discovery.coffee
drafts.js
events.js
features.js
flash.coffee
form-respond.coffee
frame-rpc.js
groups.js
host.coffee
karma.config.js
live-reload-client.js
local-storage.coffee
markdown-commands.js
media-embedder.js
permissions.coffee
polyfills.js
query-parser.coffee
raven.js
render-markdown.js
retry-util.js
root-thread.js
search-client.js
search-filter.coffee
service-url.js
session.js
settings.js
store.js
stream-controller.coffee
stream-filter.coffee
streamer.js
tab-counts.js
tags.coffee
time.js
tsconfig.json
ui-constants.js
unicode.coffee
view-filter.coffee
virtual-thread-list.js
websocket.js
widget-controller.js