Thijs/wiki.techinc.nl

Fork 0

Commit graph

Author	SHA1	Message	Date
daniel	905f6fc890	REST: page/ endpoints: don't use tokens with OAuth CSRF tokens should only be required (and only be allowed) if the current session isn't already inherently safe against CSRF due to the way the authentication mechanism works. This allows (and requires) tokens to be omitted for requests that use an OAuth Authorization header. Bug: T230843 Bug: T230842 Bug: T237852 Change-Id: Ib2922d556ff2470d4bf8c386c18986ca9f37d1b5	2020-03-27 12:20:22 +01:00
daniel	58e5332991	page/update endpoint Bug: T230843 Change-Id: I95289eddfc9ab2e0cef11b9363a5e239cdb2258e	2020-03-23 16:59:21 +01:00

Author

SHA1

Message

Date

daniel

905f6fc890

REST: page/ endpoints: don't use tokens with OAuth

CSRF tokens should only be required (and only be allowed) if
the current session isn't already inherently safe against
CSRF due to the way the authentication mechanism works.
This allows (and requires) tokens to be omitted for requests
that use an OAuth Authorization header.

Bug: T230843
Bug: T230842
Bug: T237852
Change-Id: Ib2922d556ff2470d4bf8c386c18986ca9f37d1b5

2020-03-27 12:20:22 +01:00

daniel

58e5332991

page/update endpoint

Bug: T230843
Change-Id: I95289eddfc9ab2e0cef11b9363a5e239cdb2258e

2020-03-23 16:59:21 +01:00

2 commits