Branch: refs/heads/master
Home: https://github.com/NixOS/hydra
Commit: bbe45ed8443d49bec45f333ed210ee127cb667e6
https://github.com/NixOS/hydra/commit/bbe45ed8443d49bec45f333ed210ee127cb667e6
Author: Eelco Dolstra <edols...@gmail.com>
Date: 2016-10-20 (Thu, 20 Oct 2016)
Changed paths:
M src/lib/Hydra/Controller/Root.pm
M src/lib/Hydra/Controller/User.pm
M src/root/auth.tt
M src/root/layout.tt
M src/root/topbar.tt
M src/script/hydra-create-user
M src/sql/hydra.sql
Log Message:
-----------
Remove Persona support
Persona is no longer supported by Mozilla, so let's remove it.
Commit: c928c41ee1f15776df85551c8df918643e5717bd
https://github.com/NixOS/hydra/commit/c928c41ee1f15776df85551c8df918643e5717bd
Author: Eelco Dolstra <edols...@gmail.com>
Date: 2016-10-20 (Thu, 20 Oct 2016)
Changed paths:
M src/lib/Hydra/Controller/Root.pm
Log Message:
-----------
Add XSRF protection for POST requests
Some Hydra API requests were vulnerable to XSRF attacks, e.g. you
could have a form on another website using http://hydra/logout as the
form action. So we now require POST requests to come from the same
origin.
Reported by Hans-Christian Esperer.
Compare: https://github.com/NixOS/hydra/compare/e0b2921ff2f7...c928c41ee1f1
_______________________________________________
nix-commits mailing list
nix-comm...@lists.science.uu.nl
http://lists.science.uu.nl/mailman/listinfo/nix-commits