overleaf

mirror of https://github.com/overleaf/overleaf.git synced 2024-09-16 02:52:31 -04:00

History

Shane Kilkelly 0aaeb6671e Keep password reset token in session, and strip it from reset page url. This fixes an issue where the reset token was leaked in the referrer header when navigating away from the password reset page to an external site. Now we get the token from the query string, store it in the session, then redirect to the bare url of the password reset page, which then uses the stored token to render the reset form.	2015-08-24 11:53:33 +01:00
..
smoke/coffee	port leak fixes from smoke-test-sharelatex module	2015-05-26 10:54:55 +01:00
UnitTests/coffee	Keep password reset token in session, and strip it from reset page url.	2015-08-24 11:53:33 +01:00

Shane Kilkelly 0aaeb6671e Keep password reset token in session, and strip it from reset page url.

This fixes an issue where the reset token was leaked in the referrer header
when navigating away from the password reset page to an external site.

Now we get the token from the query string, store it in the session,
then redirect to the bare url of the password reset page, which then
uses the stored token to render the reset form.

2015-08-24 11:53:33 +01:00

smoke/coffee

port leak fixes from smoke-test-sharelatex module

2015-05-26 10:54:55 +01:00

UnitTests/coffee

Keep password reset token in session, and strip it from reset page url.

2015-08-24 11:53:33 +01:00