Thijs/wiki.techinc.nl

Fork 0

Commit graph

Author	SHA1	Message	Date
daniel	905f6fc890	REST: page/ endpoints: don't use tokens with OAuth CSRF tokens should only be required (and only be allowed) if the current session isn't already inherently safe against CSRF due to the way the authentication mechanism works. This allows (and requires) tokens to be omitted for requests that use an OAuth Authorization header. Bug: T230843 Bug: T230842 Bug: T237852 Change-Id: Ib2922d556ff2470d4bf8c386c18986ca9f37d1b5	2020-03-27 12:20:22 +01:00
daniel	65342f8353	Define POST handler for /page/: create page NOTE: once this is merged, also merge Ie7b47e6868cc on the OAuth repo, to fix unit tests after a breaking change to Router's constructor signature. Bug: T230842 Change-Id: I8f5b92918a58e44a4f2d8c78d234d9f64c2d06bf	2020-03-25 20:49:20 +01:00
daniel	58e5332991	page/update endpoint Bug: T230843 Change-Id: I95289eddfc9ab2e0cef11b9363a5e239cdb2258e	2020-03-23 16:59:21 +01:00

Author

SHA1

Message

Date

daniel

905f6fc890

REST: page/ endpoints: don't use tokens with OAuth

CSRF tokens should only be required (and only be allowed) if
the current session isn't already inherently safe against
CSRF due to the way the authentication mechanism works.
This allows (and requires) tokens to be omitted for requests
that use an OAuth Authorization header.

Bug: T230843
Bug: T230842
Bug: T237852
Change-Id: Ib2922d556ff2470d4bf8c386c18986ca9f37d1b5

2020-03-27 12:20:22 +01:00

daniel

65342f8353

Define POST handler for /page/: create page

NOTE: once this is merged, also merge Ie7b47e6868cc on the OAuth repo,
to fix unit tests after a breaking change to Router's constructor
signature.

Bug: T230842
Change-Id: I8f5b92918a58e44a4f2d8c78d234d9f64c2d06bf

2020-03-25 20:49:20 +01:00

daniel

58e5332991

page/update endpoint

Bug: T230843
Change-Id: I95289eddfc9ab2e0cef11b9363a5e239cdb2258e

2020-03-23 16:59:21 +01:00

3 commits