gristlabs_grist-core/app
Alex Hall e590e65a3f (core) Allow requests from untrusted origins but without credentials
Summary:
Allow requests from untrusted origins instead of returning an error, but don't allow credentials (Cookie header) or API keys (Authorization header).

Allow setting the header `Content-type: application/json` as an alternative to `X-Requested-With: XMLHttpRequest` to make it easier for clients to make POST/PUT/PATCH/DELETE requests without authentication.

Discussion: https://grist.slack.com/archives/C0234CPPXPA/p1666355281535479

Test Plan: Added and updated DocApi tests. Tested manually how this affects requests made from a browser.

Reviewers: paulfitz, dsagal

Reviewed By: paulfitz, dsagal

Differential Revision: https://phab.getgrist.com/D3678
2022-11-03 13:33:23 +02:00
| Name | Last commit | Date |
|---|---|---|
| client | (core) Wrap progress dots in OnBoardingPopups | 2022-10-31 23:35:53 -07:00 |
| common | (core) Revealing hidden pages with visible children. | 2022-10-31 14:02:38 +01:00 |
| gen-server | (core) Tweak autocomplete to only suggest team members | 2022-10-18 08:08:05 -07:00 |
| plugin | Use relative imports only in plugin folder (#328) | 2022-10-26 10:41:38 -04:00 |
| server | (core) Allow requests from untrusted origins but without credentials | 2022-11-03 13:33:23 +02:00 |
| tsconfig.json | (core) move home server into core | 2020-07-21 20:39:10 -04:00 |