- 11 Aug, 2021 1 commit
-
-
Laurent Peuch authored
POST for application/json are safe from csrf but not multipart/form-data. CSRF protection is thus disabled on application/json (no matter the authentications method). For multipart/form-data, there are 3 usecases: 1. multipart/form-data authenticated by cookies (webrowser), this requires csrf and this is handled by MultipartRqlIOController. 2. multipart/form-data anon user, this does not require csrf and this in handled by AnonMultipartRqlIOController 3. multipart/form-data authenticated with authorization, this does not requires csrf as there is an authentification. This is not handled here but in signed-request that implements the authentification.
-
- 25 Sep, 2020 1 commit
-
-
Laurent Peuch authored
-
- 12 Mar, 2014 3 commits
-
-
Julien Cristau authored
-
Julien Cristau authored
Lets us extend it later without breaking clients.
-
Florent Cayré authored
Related to #3639007.
-
- 13 Dec, 2013 1 commit
-
-
Aurelien Campeas authored
-