Oliver Eyton-Williams
|
5a80b83579
|
fix(api): csrf over http in development (#39114)
|
2020-06-22 15:57:20 +05:30 |
Oliver Eyton-Williams
|
b3d5cde75e
|
fix(api): csurf to SameSite 'strict', https only (#39077)
Lax and http are probably sufficient, but if the stricter versions work
there's no harm using them.
|
2020-06-16 20:48:48 +05:30 |
Oliver Eyton-Williams
|
b4926052f4
|
chore: refactor and simplify testing (#39050)
|
2020-06-13 14:57:15 +05:30 |
Oliver Eyton-Williams
|
4300ce44db
|
fix: prevent 403 reporting (#38449)
|
2020-03-26 22:22:57 +05:30 |
Oliver Eyton-Williams
|
38e7369b92
|
chore: remove rollbar, bump deps
|
2020-03-26 16:51:17 +05:30 |
Oliver Eyton-Williams
|
87ae387ecb
|
fix: put error filtering in the handler
|
2020-03-26 16:51:17 +05:30 |
Oliver Eyton-Williams
|
f378f54ac3
|
feat: enhance dev error reports
|
2020-03-26 16:51:16 +05:30 |
Oliver Eyton-Williams
|
10a6622546
|
feat(api): enable Sentry reporting
|
2020-03-26 16:51:16 +05:30 |
Mrugesh Mohapatra
|
ef39ab0e20
|
fix(donate): allow calls to the API without auth
This is also dependent on 170e3dbf4f
|
2020-03-21 01:58:07 +05:30 |
Mrugesh Mohapatra
|
4ee032d664
|
feat(api): add and update webhooks routing
|
2020-03-19 17:18:53 +05:30 |
mrugesh
|
6f90efb20c
|
fix(api): update routes for authorization bypass (#38387)
|
2020-03-18 18:05:42 +01:00 |
mrugesh
|
933e289617
|
fix(api): add /auth paths to whitelist (#38383)
|
2020-03-18 13:19:42 +01:00 |
Oliver Eyton-Williams
|
23b899f50f
|
fix(csrf): remove all csrf bypass
|
2020-03-17 23:28:23 +05:30 |
Ahmad Abdolsaheb
|
6c6eadfbe4
|
feat(donate): PayPal integration
|
2020-03-16 18:35:51 +05:30 |
mrugesh
|
ac922ac04e
|
fix: add pass thru for some subdomains (#38315)
* fix: add passthru for some subdomains
* fix: export whitelist correctly
|
2020-03-04 00:02:04 +09:00 |
Josh Soref
|
004b99bf8f
|
chore: fix typos in spelling (#38100)
* spelling: accidentally
* spelling: announce
* spelling: assembly
* spelling: avoid
* spelling: backend
* spelling: because
* spelling: claimed
* spelling: candidate
* spelling: certification
* spelling: certified
* spelling: challenge
* spelling: circular
* spelling: it isn't
* spelling: coins
* spelling: combination
* spelling: compliant
* spelling: containers
* spelling: concise
* spelling: deprecated
* spelling: development
* spelling: donor
* spelling: error
* spelling: everything
* spelling: exceed
* spelling: exist
* spelling: falsy
* spelling: faulty
* spelling: forward
* spelling: handle
* spelling: indicates
* spelling: initial
* spelling: integers
* spelling: issealed
* spelling: javascript
* spelling: length
* spelling: maximum
* spelling: minimum
* spelling: mutable
* spelling: notifier
* spelling: coordinate
* spelling: passport
* spelling: perform
* spelling: permuter
* spelling: placeholder
* spelling: progressively
* spelling: semantic
* spelling: submission
* spelling: submit
* spelling: translations
* spelling: turquoise
* spelling: visualization
* spelling: without
* spelling: registration
* spelling: representation
|
2020-02-08 23:59:10 +05:30 |
mrugesh
|
89ddd4bb7e
|
fix(api): error reporter should have explicit env check (#38000)
|
2020-01-01 10:53:11 +05:30 |
mrugesh
|
f090730015
|
fix(api): send json messages for challenge routes (#37494)
|
2019-10-24 17:30:23 +05:30 |
Mrugesh Mohapatra
|
e19e54a152
|
fix(api): remove the email verified middleware
|
2019-10-07 15:19:21 -07:00 |
Mrugesh Mohapatra
|
2116997f85
|
fix(api): remove the privacy middleware
|
2019-10-07 15:19:21 -07:00 |
Oliver Eyton-Williams
|
2785875941
|
fix: make public certs always viewable (#36723)
|
2019-08-30 16:18:49 +05:30 |
Mrugesh Mohapatra
|
ac50216949
|
fix: NODE_ENV conflicts on pipelines
|
2019-08-19 01:37:32 +05:30 |
Mrugesh Mohapatra
|
56d78a1119
|
fix(server,client): CORS is a real nightmare
|
2019-08-17 17:01:10 +05:30 |
xyozio
|
657a5e2c16
|
cleanup: typos and remove commented out code (#36573)
|
2019-08-09 23:57:26 +05:30 |
Parth Parth
|
67028025d1
|
fix(client): Vague Error messages (#36047)
Co-authored-by: Mrugesh Mohapatra <1884376+raisedadead@users.noreply.github.com>
|
2019-06-19 20:01:03 +05:30 |
Bouncey
|
72a0d63aa0
|
fix: Centralise user deserialization
|
2019-03-05 15:57:46 +05:30 |
Bouncey
|
3e8bac4590
|
feat: Use new (tested) accessToken utils to authoize requests
|
2019-02-21 21:03:06 +05:30 |
Bouncey
|
36c4737998
|
chore: Add tests for jwt authorization
|
2019-02-21 21:03:06 +05:30 |
Valeriy
|
fc8c71ad16
|
feat: use eslint with prettier to format code
|
2019-02-19 14:30:27 +05:30 |
Bouncey
|
b13e5fb41a
|
feat: Use prettier-eslint to format code
|
2019-02-19 14:30:27 +05:30 |
Bouncey
|
c0104faa38
|
fix(ci): Fix lint errors thrown in CI
|
2019-02-19 14:30:27 +05:30 |
Bouncey
|
0ccd0a6f77
|
chore: Fix api linting
|
2019-02-19 14:30:27 +05:30 |
Bouncey
|
07266b7e43
|
chore: commit lint fixes for the api
|
2019-02-19 14:30:27 +05:30 |
Bouncey
|
354d3feaee
|
fix: Allow un-authed loopback api calls
|
2019-02-16 12:27:23 +05:30 |
Mrugesh Mohapatra
|
02e6e711cf
|
fix(donate): refactor handlers for charges
|
2019-02-14 14:14:10 +00:00 |
Bouncey
|
361ce5cd8e
|
fix: Broken regex for short news links
|
2019-02-14 16:54:39 +05:30 |
Mrugesh Mohapatra
|
fdc2219f81
|
feat: remove news from platform
|
2019-01-16 13:48:38 +00:00 |
Bouncey
|
e378d566d9
|
fix: Use reportError in development
|
2018-12-04 17:42:12 +05:30 |
Stuart Taylor
|
d327a5c36b
|
Feat: News in the client app (#34392)
|
2018-11-29 15:12:15 +03:00 |
Bouncey
|
c08bb95ea8
|
fix(auth): Fix auth flow for the client app
|
2018-10-24 18:27:34 +05:30 |
Stuart Taylor
|
c4a0a37238
|
fix(dev): Remove jade middleware (#18437)
|
2018-10-12 06:49:20 -06:00 |
Bouncey
|
b38ee544a3
|
fix(description): Adjust for new description format
|
2018-10-05 15:58:12 +01:00 |
Bouncey
|
2de2143457
|
feat(email-settings): Add email settings
|
2018-09-21 11:26:30 +01:00 |
Bouncey
|
46a217d0a5
|
chore(server): Move api-server in to it's own DIR
|
2018-09-03 17:47:48 +05:30 |