| Author | Commit | Message | Date |
|---|---|---|---|
| Joseph Schorr | 1302fd2fbd | Switch csrf token check to use compare_digest to prevent timing attacks<br>Also adds some additional tests for CSRF tokens | 2016-12-08 23:46:31 -05:00 |
| Joseph Schorr | ff52fde8a5 | Have Quay always use an OAuth-specific CSRF token<br>This change ensures that we always store and then check the contents of the OAuth `state` argument against a session-stored CSRF token.<br>Fixes https://www.pivotaltracker.com/story/show/135803615 | 2016-12-08 16:11:57 -05:00 |
| Joseph Schorr | 4ca877c1d4 | Add ability to download system logs | 2014-12-23 14:01:00 -05:00 |
| Jimmy Zelinskie | 716d7a737b | Strip whitespace from ALL the things. | 2014-11-24 16:07:38 -05:00 |
| jakedt | f1a7f86780 | Fix CSRF token generation. | 2014-03-25 17:51:22 -04:00 |
| jakedt | 219fbd6950 | Make the CSRF checks mandatory. | 2014-03-25 14:35:19 -04:00 |
| jakedt | f060fd6ae0 | Fix and unify CSRF support across web and API endpoints. | 2014-03-25 14:32:26 -04:00 |