mirror of
https://github.com/gristlabs/grist-core.git
synced 2025-06-13 20:53:59 +00:00
e590e65a3f
Summary: Allow requests from untrusted origins instead of returning an error, but don't allow credentials (Cookie header) or API keys (Authorization header). Allow setting the header `Content-type: application/json` as an alternative to `X-Requested-With: XMLHttpRequest` to make it easier for clients to make POST/PUT/PATCH/DELETE requests without authentication. Discussion: https://grist.slack.com/archives/C0234CPPXPA/p1666355281535479 Test Plan: Added and updated DocApi tests. Tested manually how this affects requests made from a browser. Reviewers: paulfitz, dsagal Reviewed By: paulfitz, dsagal Differential Revision: https://phab.getgrist.com/D3678 |
||
|---|---|---|
| .. | ||
| client | ||
| common | ||
| deployment | ||
| fixtures | ||
| gen-server | ||
| nbrowser | ||
| server | ||
| chai-as-promised.js | ||
| init-mocha-webdriver.js | ||
| mocha.opts | ||
| report-why-tests-hang.js | ||
| test_under_docker.sh | ||
| testUtils.ts | ||
| tsconfig.json | ||
| utils.js | ||
| xunit-file.js | ||