1. 24 Aug, 2021 1 commit
  2. 20 Aug, 2021 6 commits
  3. 11 Aug, 2021 1 commit
    • Laurent Peuch's avatar
      fix: on /rqlio, csrf is activaved only on multipart/form-data · 42202cdd7c57
      Laurent Peuch authored
      POST for application/json are safe from csrf but not multipart/form-data.
      CSRF protection is thus disabled on application/json (no matter the authentications method).
      
      For multipart/form-data, there are 3 usecases:
      
      1. multipart/form-data authenticated by cookies (webrowser), this requires
         csrf and this is handled by MultipartRqlIOController.
      2. multipart/form-data anon user, this does not require csrf and this in
         handled by AnonMultipartRqlIOController
      3. multipart/form-data authenticated with authorization, this does not
         requires csrf as there is an authentification. This is not handled here
         but in signed-request that implements the authentification.
      42202cdd7c57
  4. 22 Jul, 2021 1 commit
  5. 03 Aug, 2021 1 commit
  6. 30 Jul, 2021 13 commits
  7. 17 Jul, 2021 1 commit
  8. 16 Jul, 2021 1 commit
  9. 21 Apr, 2021 1 commit
  10. 13 Jan, 2021 1 commit
  11. 09 Dec, 2020 1 commit
  12. 01 Dec, 2020 1 commit
  13. 25 Sep, 2020 1 commit
  14. 29 May, 2020 2 commits
  15. 20 Mar, 2020 1 commit
  16. 29 May, 2020 1 commit
  17. 28 May, 2020 2 commits
  18. 27 May, 2020 1 commit
  19. 18 May, 2020 2 commits
  20. 20 Mar, 2020 1 commit