Commit graph

10 commits

Author SHA1 Message Date
Jermolene
ed2546c8ff Add support for HTTPS 2018-06-27 22:07:06 +01:00
Jermolene
867488a25b Add custom request header as CSRF mitigation
By default we require the header X-Requested-With to be set to TiddlyWiki. Can be overridden by setting csrfdisable to "yes"

See https://www.owasp.org/index.php/Cross-Site_Request_Forgery_(CSRF)_Prevention_Cheat_Sheet#Protecting_REST_Services:_Use_of_Custom_Request_Headers
2018-06-27 19:10:36 +01:00
Jermolene
620116a0b4 Fix two code typos 2018-06-27 11:08:09 +01:00
Jermolene
687eae333d Refactor authorization checks 2018-06-27 10:24:14 +01:00
Jermolene
3d77f18734 Add support for requiring authentication without restricting the username 2018-06-27 09:47:20 +01:00
Jermolene
bdb68fea6d Do the right thing when we have a username but no password
With a username parameter but no password parameter we'll attribute edits to that username, but not require authentication.
2018-06-26 15:40:29 +01:00
Jermolene
501d0a8edc Be consistent about lower case parameter names 2018-06-26 15:39:43 +01:00
Jermolene
13f7959e63 Refactor the two authenticators into separate modules and add support for authorization 2018-06-25 17:11:41 +01:00
Jermolene
1c24b3a761 Rename "serverroute" module type to "route" 2018-06-23 09:28:59 +01:00
Jermolene
b70ebadda5 Refactor module locations 2018-06-22 22:02:57 +01:00
Renamed from core/modules/server.js