| Age | Commit message (Collapse) | Author | |
|---|---|---|---|
| 2019-01-15 | Disable Same-Site cookie implementation to fix SSO issues on WebKit browsers ↵ | Moritz Heiber | |
| (#9819) | |||
| 2018-09-08 | feat(cookies): Use the same-site attribute to lax (#8626) | Sorin Davidoi | |
| CSFR-prevention is already implemented but adding this doesn't hurt. A brief introduction to Same-Site cookies (and the difference between strict and lax) can be found at https://blog.mozilla.org/security/2018/04/24/same-site-cookies-in-firefox-60/ TLDR: We use lax since we want the cookies to be sent when the user navigates safely from an external site. | |||
| 2018-01-05 | Fix enforce HTTPS in production. (#6180) | Naoki Kosaka | |
| 2016-11-02 | Make cookies https-only if LOCAL_HTTPS is true, set X-Frame-Options to DENY, | Eugen Rochko | |
| add permissive CORS to API controllers | |||
| 2016-02-20 | Initial commit | Eugen Rochko | |
 |
index : mastodon | |
| Plural Café fork of Mastodon/Glitch Social |
| about summary refs log tree commit diff |