liquid_feedback_frontend

changeset 1494:3e9b0f1adec3

Removed token based CSRF protection (WebMCP uses SameSite cookies now)
author bsw
date Mon Dec 09 15:54:57 2019 +0100 (2019-12-09)
parents 6b4deab5160a
children 17e7082c377a
files app/main/_filter/20_session.lua model/session.lua
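--- a/app/main/_filter/20_session.lua	Mon Aug 26 15:55:48 2019 +0200
+++ b/app/main/_filter/20_session.lua	Mon Dec 09 15:54:57 2019 +0100
@@ -11,8 +11,6 @@
   }
 end
 
-request.set_csrf_secret(app.session:additional_secret_for("csrf"))
-
 locale.set{ lang = app.session.lang or config.default_lang or "en" }
 
 if locale.get("lang") == "de" then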
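--- a/model/session.lua	Mon Aug 26 15:55:48 2019 +0200
+++ b/model/session.lua	Mon Dec 09 15:54:57 2019 +0100
@@ -20,7 +20,7 @@
 
 local secret_length = 24
 local secret_alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz'
-local secret_purposes = { "oauth", "csrf", "_other" }
+local secret_purposes = { "oauth", "_other" }
 for idx, purpose in ipairs(secret_purposes) do
   secret_purposes[purpose] = idx
 end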
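Review bot: Dropping `"csrf"` from the middle of `secret_purposes` renumbers `"_other"` from 3 to 2 in the loop that follows (`secret_purposes[purpose] = idx`); if that index is stored or feeds into secret derivation, which this hunk does not show, the `_other` secrets of sessions created before the change may no longer match. Keeping the list append-only or leaving a reserved slot would keep the indices stable, and a comment such as `-- "csrf" purpose removed: CSRF protection now relies on SameSite cookies (WebMCP)` would record why the entry is gone. Any remaining caller of `additional_secret_for("csrf")` outside this diff should be checked, since only the one in `20_session.lua` is visibly removed. With the token check gone, it is also worth confirming that the session cookie is actually issued with a SameSite attribute and that no state-changing action is reachable via GET, because `SameSite=Lax` cookies are still sent on top-level cross-site GET navigations and browsers without SameSite support ignore the attribute.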
