nocebo/diaspora
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
diaspora/app
History
Steven Hancock fc4b8d2af0 Skip CSRF token for OmniAuth callbacks (prevents session reset) 
OmniAuth callbacks need to accept a raw POST from the auth provider without
verifying the CSRF token, otherwise the session will be reset.

See intridea/omniauth#203
See also http://www.communityguides.eu/articles/16

(This technique will also be needed for API endpoints when the time comes)
2012-03-29 18:51:54 -07:00
..
assets the header background is not in the branding folder [ci skip] 2012-03-29 16:46:08 -07:00
controllers Skip CSRF token for OmniAuth callbacks (prevents session reset) 2012-03-29 18:51:54 -07:00
helpers fix the js error when not logged in and on root/landing page, app is undefined 2012-03-29 16:28:53 +02:00
mailers invite_link functionailty mostly works 2012-03-16 17:56:35 -07:00
models more progress 2012-03-27 18:07:22 -07:00
presenters MS DC You can has choose a template 2012-03-27 14:52:53 -07:00
uploaders added support for uploading images with .tiff extensions 2012-01-02 21:40:46 -05:00
views Move branding assets to /images/branding for asset pipeline, update template files to point to new branding directory 2012-03-29 17:18:27 -05:00