Ghost

OpenSourceArk/Ghost

Fork 0

Commit Graph

Author	SHA1	Message	Date
Fabien O'Carroll	99aeda5909	Removed ssoOriginCheck from signout endpoint (#10277 ) no-issue the ssoOriginCheck exists to ensure that we only allow signin/signup to be called from the specified auth page, this is a very minor security feature in that it forces signins to go via the page you've designated. signout however does not need this protection as the call to signout completely bypasses any UI (this is the same for the call to /token)	2019-05-07 17:35:17 +02:00
Fabien O'Carroll	b219e26ea6	Added members lib module (#10260 ) * Added members library inc. gateway refs #10213 * Added the auth pages and build steps for them refs #10213 * Cleaned up logs * Updated gruntfile to run yarn for member auth * Design refinements on members popups * UI refinements * Updated backend call to trigger only if frontend validation passes * Design refinements for error messages * Added error message for email failure * Updated request-password-reset to not attempt to send headers twice * Updated preact publicPath to relative path * Build auth pages on init	2019-05-07 17:35:17 +02:00

Author

SHA1

Message

Date

Fabien O'Carroll

99aeda5909

Removed ssoOriginCheck from signout endpoint (#10277 )

no-issue

the ssoOriginCheck exists to ensure that we only allow signin/signup to
be called from the specified auth page, this is a very minor security
feature in that it forces signins to go via the page you've designated.
signout however does not need this protection as the call to signout
completely bypasses any UI (this is the same for the call to /token)

2019-05-07 17:35:17 +02:00

Fabien O'Carroll

b219e26ea6

Added members lib module (#10260 )

* Added members library inc. gateway

refs #10213

* Added the auth pages and build steps for them

refs #10213

* Cleaned up logs

* Updated gruntfile to run yarn for member auth

* Design refinements on members popups

* UI refinements

* Updated backend call to trigger only if frontend validation passes

* Design refinements for error messages

* Added error message for email failure

* Updated request-password-reset to not attempt to send headers twice

* Updated preact publicPath to relative path

* Build auth pages on init

2019-05-07 17:35:17 +02:00

1 2 3

102 Commits