corubba
|
ae2ad6527a
|
Set csrf cookie to httponly
The CSRF token is currently inserted directly in the template and not
in the browser via JavaScript from the cookie, so making it inaccessible
is not a problem.
The Session-cookie is already httponly by default [0].
[0] https://flask.palletsprojects.com/en/2.1.x/config/?highlight=session_cookie_httponly#SESSION_COOKIE_HTTPONLY
|
2022-06-18 18:51:42 +02:00 |
|
Dominic Zöller
|
701a442d12
|
default config: add exemplary URL encoding step for SQLA DB URL params
SQLAlchemy database URLs follow RFC-1738, so parameters like username
and password need to be encoded accordingly.
https://docs.sqlalchemy.org/en/13/core/engines.html#database-urls
|
2021-11-30 22:29:00 +01:00 |
|
jodygilbert
|
7f86730909
|
allow-server-side-sessions (#855)
|
2021-01-24 09:09:53 +01:00 |
|
Khanh Ngo
|
a3fd856dd8
|
Code refactoring and bug fixes
|
2020-06-19 08:47:51 +07:00 |
|
Roei Ganor
|
483c767d26
|
Offline installation and searchable inputs
|
2020-04-30 17:20:37 +00:00 |
|
Attila DEBRECZENI
|
a581aa3cf2
|
add SAML_ASSERTION_ENCRYPTED environment
|
2020-03-25 21:35:20 +00:00 |
|
Khanh Ngo
|
840e2a4750
|
Update docker stuff and bug fixes
|
2019-12-04 11:50:46 +07:00 |
|
Khanh Ngo
|
8ea00b9484
|
Refactoring the code
- Use Flask blueprint
- Split model and views into smaller parts
- Bug fixes
- API adjustment
|
2019-12-02 10:32:03 +07:00 |
|