p5.js-web-editor/server/utils
Andrew Nicolaou 6cbc376d6e CSRF/XSS protection (#374)
* /api endpoints only allow requests with application/json Content-Type

Otherwise sends 406 Unacceptable

* Uses CSRF token

The CSRF token is sent as the cookie 'XSRF-TOKEN' on all HTML page
requests. This token is picked up automatically by axios
and sent to the API with all requests as an 'X-XSRF-TOKEN' header.
The middleware runs on all routes and verifies that the token matches
what's stored in the session.
2017-06-26 13:58:58 -04:00
..
filePath.js update eslint to latest version, fix lots of linting errors (#308) 2017-02-22 14:29:35 -05:00
mail.js Email verification (#369) 2017-06-26 12:48:28 -04:00
previewGeneration.js fix lingering linting errors 2017-06-13 16:47:36 -04:00
renderMjml.js Email verification (#369) 2017-06-26 12:48:28 -04:00
requestsOfType.js CSRF/XSS protection (#374) 2017-06-26 13:58:58 -04:00