HackMD

History

Sheogorath 70df29790a Add token based security feature In the current setup users could be tricked into deleting their data by providing a malicious link like `[click me](/me/delete)`. This commit prevents such an easy attack and need the user's deleteToken to get his data deleted. In case someone requests his deletion by email you can also ask him for this token. We can add a GUI that shows it later on. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>		2018-05-25 18:26:06 +02:00
..
config	Revert "Workaround Google API problems"	2018-05-16 01:31:50 +02:00
migrations	Add token based security feature	2018-05-25 18:26:06 +02:00
models	Add token based security feature	2018-05-25 18:26:06 +02:00
ot	Change config to camel case with backwards compatibility	2018-03-25 19:08:14 +02:00
web	Add token based security feature	2018-05-25 18:26:06 +02:00
workers	refactor: Remove `require` extension filename	2017-05-08 19:29:06 +08:00
csp.js	Fix CSP for disqus and Google Analytics	2018-03-30 16:33:52 +02:00
history.js	Improve history migration performance	2018-03-10 16:51:00 +08:00
letter-avatars.js	Move letter-avatars into own request	2018-04-17 19:06:59 +02:00
logger.js	refactor(logger): Refactor logger.js	2017-05-08 19:24:37 +08:00
realtime.js	Fix requests for deleted users	2018-05-25 16:15:18 +02:00
response.js	Add token based security feature	2018-05-25 18:26:06 +02:00
utils.js	switch to __dirname	2017-06-02 11:34:35 +01:00