overleaf/services/web/app/coffee
Shane Kilkelly 0aaeb6671e Keep password reset token in session, and strip it from reset page url.
This fixes an issue where the reset token was leaked in the referrer header
when navigating away from the password reset page to an external site.

Now we get the token from the query string, store it in the session,
then redirect to the bare url of the password reset page, which then
uses the stored token to render the reset form.
2015-08-24 11:53:33 +01:00
..
Features Keep password reset token in session, and strip it from reset page url. 2015-08-24 11:53:33 +01:00
infrastructure set body parser limit to 2mb 2015-07-08 14:35:03 +01:00
managers redirect users to /register when coming from templates or share url 2014-11-13 17:12:39 +00:00
models remove useClsi2 flag in project collection 2015-08-19 11:58:41 +01:00
errors.coffee Intial open source comment 2014-02-12 10:23:40 +00:00
router.coffee added deactivate project endpoint 2015-08-14 11:26:11 +01:00