1. 06 Dec, 2021 1 commit
  2. 02 Dec, 2021 2 commits
  3. 23 Nov, 2021 1 commit
  4. 18 Oct, 2021 2 commits
  5. 15 Oct, 2021 1 commit
  6. 12 Oct, 2021 2 commits
  7. 30 Sep, 2021 1 commit
  8. 08 Sep, 2021 2 commits
  9. 24 Aug, 2021 1 commit
  10. 20 Aug, 2021 6 commits
  11. 11 Aug, 2021 1 commit
    • Laurent Peuch's avatar
      fix: on /rqlio, csrf is activaved only on multipart/form-data · 42202cdd7c57
      Laurent Peuch authored
      POST for application/json are safe from csrf but not multipart/form-data.
      CSRF protection is thus disabled on application/json (no matter the authentications method).
      
      For multipart/form-data, there are 3 usecases:
      
      1. multipart/form-data authenticated by cookies (webrowser), this requires
         csrf and this is handled by MultipartRqlIOController.
      2. multipart/form-data anon user, this does not require csrf and this in
         handled by AnonMultipartRqlIOController
      3. multipart/form-data authenticated with authorization, this does not
         requires csrf as there is an authentification. This is not handled here
         but in signed-request that implements the authentification.
      42202cdd7c57
  12. 22 Jul, 2021 1 commit
  13. 03 Aug, 2021 1 commit
  14. 30 Jul, 2021 13 commits
  15. 17 Jul, 2021 1 commit
  16. 16 Jul, 2021 1 commit
  17. 21 Apr, 2021 1 commit
  18. 13 Jan, 2021 1 commit
  19. 09 Dec, 2020 1 commit