kotovalexarian-likes-gitlab
/
hagrid-keyserver--hagrid
mirror of https://gitlab.com/hagrid-keyserver/hagrid.git
1
0
Fork 0
Code Releases Activity
hagrid-keyserver--hagrid/dist
History
Daniel Silverstone 6df212f087
upload: Require POST for token verification 
In order to mitigate against MUAs previewing URLs, move the token
verification flow to a POST handler, and add a new GET handler
which returns a form requiring the user to click an additional time
in order to verify their address.

The returned form also carries some JavaScript which will attempt to
do this for the user, meaning the experience for the user should be
almost exactly as before, while mitigating MUA previews.

Closes: #53

Signed-off-by: Daniel Silverstone <dsilvers@digital-scurf.org>
 		2019-09-26 21:42:48 +02:00
..
assets upload: Require POST for token verification 2019-09-26 21:42:48 +02:00
errors-static errors: use 429 for rate limiting instead of 503 2019-07-12 12:27:31 +02:00
templates upload: Require POST for token verification 2019-09-26 21:42:48 +02:00