David Taylor
1a8fee11a0
DEV: If only one auth provider is enabled allow GET request
...
In this case, the auth provider is acting as a SSO provider, and can be trusted to maintain its own CSRF protections.
2019-08-12 11:03:05 +01:00
David Taylor
3b8c468832
SECURITY: Require POST with CSRF token for OmniAuth request phase
2019-08-08 11:58:00 +01:00
Sam Saffron
30990006a9
DEV: enable frozen string literal on all files
...
This reduces chances of errors where consumers of strings mutate inputs
and reduces memory usage of the app.
Test suite passes now, but there may be some stuff left, so we will run
a few sites on a branch prior to merging
2019-05-13 09:31:32 +08:00
Sam
442a17bfb2
PERF: bypass omniauth unless in an auth path
2018-01-15 12:44:54 +11:00
Neil Lalonde
3e5f2bd1cf
FIX: replace reference to Google_oauth2 with Google during signup
2016-03-29 18:08:55 -04:00
Erick Guan
7df33ca287
FIX: redirect output omniauth log to Rails logger instead of stdout
2016-03-19 13:17:13 +01:00
Sam
65edbb609c
Revert "Revert message bus upgrade"
...
This reverts commit 47e718f5b2
.
2015-12-09 11:48:41 +11:00
Sam
47e718f5b2
Revert message bus upgrade
2015-12-09 11:45:11 +11:00
Sam
2cc95af69b
Revert "REVERT: message bus changes"
...
This reverts commit 4820d5c7b0
.
2015-12-09 07:36:36 +11:00
Robin Ward
4820d5c7b0
REVERT: message bus changes
2015-12-08 15:32:31 -05:00
Sam
c866d5b42d
Revert "Revert "PERF: move message bus to the front of the middleware stack""
...
This reverts commit cd1dd18f01
.
2015-12-08 07:11:28 +11:00
Robin Ward
cd1dd18f01
Revert "PERF: move message bus to the front of the middleware stack"
...
I suspect this commit is preventing Sidekiq from running inprocess.
2015-12-07 14:57:23 -05:00
Sam
c04bcf8655
PERF: move message bus to the front of the middleware stack
...
Organise all initializers so they are properly ordered and use the same naming scheme
2015-12-07 14:51:24 +11:00