15 commits

Author SHA1 Message Date
Jermolene
cc2f5e0d11 Tweaks to the single tiddler static view
Adding a simple sidebar
2018-07-01 12:05:51 +01:00
Jermolene
0d7d1ad67e First pass at a route for serving rendered tiddlers
cc @Drakor
2018-06-30 14:35:37 +01:00
Jermolene
ed2546c8ff Add support for HTTPS 2018-06-27 22:07:06 +01:00
Jermolene
867488a25b Add custom request header as CSRF mitigation
By default we require the header X-Requested-With to be set to TiddlyWiki. Can be overridden by setting csrfdisable to "yes"

See https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Protecting_REST_Services:_Use_of_Custom_Request_Headers
2018-06-27 19:10:36 +01:00
Jermolene
620116a0b4 Fix two code typos 2018-06-27 11:08:09 +01:00
Jermolene
adfd65dae2 Return read_only status in /status response 2018-06-27 10:24:32 +01:00
Jermolene
687eae333d Refactor authorization checks 2018-06-27 10:24:14 +01:00
Jermolene
3d77f18734 Add support for requiring authentication without restricting the username 2018-06-27 09:47:20 +01:00
Jermolene
8a91c07fa9 Remove obsolete code 2018-06-27 09:47:05 +01:00
Jermolene
bdb68fea6d Do the right thing when we have a username but no password
With a username parameter but no password parameter we'll attribute edits to that username, but not require authentication.
2018-06-26 15:40:29 +01:00
Jermolene
501d0a8edc Be consistent about lower case parameter names 2018-06-26 15:39:43 +01:00
Jermolene
6f8711d469 Correct mistaken path.join vs. path.resolve
See https://stackoverflow.com/a/39836259
2018-06-25 17:19:50 +01:00
Jermolene
13f7959e63 Refactor the two authenticators into separate modules and add support for authorization 2018-06-25 17:11:41 +01:00
Jermolene
1c24b3a761 Rename "serverroute" module type to "route" 2018-06-23 09:28:59 +01:00
Jermolene
b70ebadda5 Refactor module locations 2018-06-22 22:02:57 +01:00