Markus Unterwaditzer

Results 849 comments of Markus Unterwaditzer

As far as I understand this feature would require locks on the cachinglayer? It's easy to extend `storeFile` to pass an ifMatch option to `put`, but only the wireclient supports...

I suppose the remotestorage wireclient. What I am worried about are race conditions only occurring on localstorage, not across the wire. Particularly I'm worried about the application operating on local...

I'm not really familiar with remoteStorage.js' internals but I think what I said applies either way.

On Sat, Sep 12, 2015 at 05:07:03PM -0700, Sebastian Kippe wrote:
> Not sure...

We've discussed this in IRC:

- In the case of native apps, CSRF is prevented through much more effective means (you can't csrf a webview)
- In the case of...

> @fkooman: A webview cannot always be used, and is also a bad idea for security. One does not know where the password is being typed. I would never do...

The only thing you can inject via the redirect URI is the access token. And remoteStorage.js should absolutely implement CSRF protection for that, it currently doesn't. But the text you're...

But in any case, whether remoteStorage.js uses a simple flag in localstorage or the `state` param, none of this is security relevant.

After sleeping over this, I'm on neither side anymore. I don't see how a state parameter would be vastly superior (security-wise) to a simple flag, on the other side I...

https://unterwaditzer.net/taskrs/#[email protected]&token=HAHAHA I think I agree with @fkooman now.

Argh. Yeah. I forgot that remoteStorage.js actually clears its localstorage between logins.