Joscha Krutzki

Results 44 comments of Joscha Krutzki

I don't feel well without CSRF protection. There are plenty of different possibilities for this attack and I don't know if we really consider everything.

I only did a short research but the more secure solutions I found have "double" authentication. Normal cookie auth and a CSRF token sent with HTTP-header (stored in local storage...

Examples: http://de.slideshare.net/robertjd/jwt-authentication-with-angularjs https://docs.djangoproject.com/en/dev/ref/csrf/#ajax

added "handle session timeout in the frontend (R10)"

You suggest using one endpoint for token and cookie based authentication. To simplify documentation/implementation I would prefer one dedicated endpoint for each authentication method. Also the difference between email and...

Before we refactor authentication we should think about using "standard" architectures like OAuth2 (revoke + access token), we need to deal with this anyway. Here is an example with OAuth2,...

Can reproduce with Firefox 36 on Linux: script angular.js hangs, page frozen

This pull request adds another source code checkout without a real need as long as we don't update to Python 3.6. So I would wait until this is fixed in...

Workaround:

```
python/python-2.7/bin/easy_install -U distribute
```