    Remove "assertion" GET param from token requests · e0e23bde
    Nick Stenning authored
    When fetching a JWT from the server, the client needs to supply the
    session CSRF token in order to prevent third-party pages from being able
    to fetch and use tokens without the user's permission.
    
    Previously, it was necessary to supply this token in the "assertion" GET
    parameter -- in an attempt to make this look a bit like an OAuth token
    issuance API -- but in Pyramid 1.7 this isn't allowed, and it turns out
    not to be necessary, because Angular's CSRF support retrieves the token
    from an XSRF-TOKEN cookie set in earlier requests and sets the
    X-CSRF-Token request header automatically.
Name
integration
annotation-fixtures.js
annotation-mapper-test.js
annotation-metadata-test.js
annotation-sync-test.coffee
annotation-ui-controller-test.js
annotation-ui-sync-test.js
annotation-ui-test.js
annotation-viewer-controller-test.js
app-controller-test.js
auth-test.js
bootstrap.js
bridge-test.coffee
build-thread-test.js
cross-frame-test.coffee
discovery-test.coffee
drafts-test.js
empty.html
features-test.js
form-respond-test.coffee
groups-test.js
host-test.coffee
local-storage-test.coffee
login-form-test.coffee
markdown-commands-test.js
media-embedder-test.js
permissions-test.coffee
promise-util.js
raven-test.js
render-markdown-test.js
retry-util-test.js
root-thread-test.js
search-client-test.js
search-filter-test.coffee
service-url-test.js
session-test.js
settings-test.js
store-test.js
stream-controller-test.coffee
streamer-test.js
tab-counts-test.js
tags-test.coffee
time-test.js
unicode-test.coffee
util.js
view-filter-test.coffee
virtual-thread-list-test.js
websocket-test.js
widget-controller-test.js