Thijs/wiki.techinc.nl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
wiki.techinc.nl/includes/session
History
daniel 905f6fc890 REST: page/ endpoints: don't use tokens with OAuth 
CSRF tokens should only be required (and only be allowed) if
the current session isn't already inherently safe against
CSRF due to the way the authentication mechanism works.
This allows (and requires) tokens to be omitted for requests
that use an OAuth Authorization header.

Bug: T230843
Bug: T230842
Bug: T237852
Change-Id: Ib2922d556ff2470d4bf8c386c18986ca9f37d1b5
2020-03-27 12:20:22 +01:00
..
BotPasswordSessionProvider.php Fix new phan errors, part 7 2019-10-21 22:10:20 +00:00
CookieSessionProvider.php Use PHP71 nullable type in setForceHTTPSCookie 2019-10-10 16:08:51 +00:00
ImmutableSessionProviderWithCookie.php
MetadataMergeException.php Remove duplicate variable name from class property PHPDocs 2019-12-02 12:58:29 +00:00
PHPSessionHandler.php Coding style: Auto-fix MediaWiki.Classes.UnsortedUseStatements.UnsortedUse 2020-01-10 09:32:25 -08:00
Session.php REST: page/ endpoints: don't use tokens with OAuth 2020-03-27 12:20:22 +01:00
SessionBackend.php
SessionId.php
SessionInfo.php build: Upgrade phan to 0.9.0 2019-12-07 20:16:19 +00:00
SessionManager.php Coding style: Auto-fix MediaWiki.Classes.UnsortedUseStatements.UnsortedUse 2020-01-10 09:32:25 -08:00
SessionManagerInterface.php Follow up to 'Remove support for the deprecated Key header' 2019-06-20 15:01:51 -04:00
SessionOverflowException.php Set method visibility for various constructors 2019-12-03 20:17:30 +01:00
SessionProvider.php Allow SessionProviderInterface to say if it is safe against CSRF 2020-03-11 10:39:54 -05:00
SessionProviderInterface.php Allow SessionProviderInterface to say if it is safe against CSRF 2020-03-11 10:39:54 -05:00
Token.php Clean up spacing of doc comments 2019-08-05 22:29:50 +00:00
UserInfo.php Unsuppress PhanParamReqAfterOpt, use PHP71 nullable types 2019-10-10 11:53:58 +02:00