gristlabs_grist-core

mirror of https://github.com/gristlabs/grist-core.git synced 2024-09-29 00:10:50 +00:00

History

Alex Hall e590e65a3f (core) Allow requests from untrusted origins but without credentials Summary: Allow requests from untrusted origins instead of returning an error, but don't allow credentials (Cookie header) or API keys (Authorization header). Allow setting the header `Content-type: application/json` as an alternative to `X-Requested-With: XMLHttpRequest` to make it easier for clients to make POST/PUT/PATCH/DELETE requests without authentication. Discussion: https://grist.slack.com/archives/C0234CPPXPA/p1666355281535479 Test Plan: Added and updated DocApi tests. Tested manually how this affects requests made from a browser. Reviewers: paulfitz, dsagal Reviewed By: paulfitz, dsagal Differential Revision: https://phab.getgrist.com/D3678	2022-11-03 13:33:23 +02:00
..
Authorizer.ts	(core) Faster builds all around.	2022-07-04 10:42:40 -04:00
DocApi.ts	(core) Allow requests from untrusted origins but without credentials	2022-11-03 13:33:23 +02:00

Alex Hall e590e65a3f (core) Allow requests from untrusted origins but without credentials

Summary:
Allow requests from untrusted origins instead of returning an error, but don't allow credentials (Cookie header) or API keys (Authorization header).

Allow setting the header `Content-type: application/json` as an alternative to `X-Requested-With: XMLHttpRequest` to make it easier for clients to make POST/PUT/PATCH/DELETE requests without authentication.

Discussion: https://grist.slack.com/archives/C0234CPPXPA/p1666355281535479

Test Plan: Added and updated DocApi tests. Tested manually how this affects requests made from a browser.

Reviewers: paulfitz, dsagal

Reviewed By: paulfitz, dsagal

Differential Revision: https://phab.getgrist.com/D3678

2022-11-03 13:33:23 +02:00

Authorizer.ts

(core) Faster builds all around.

2022-07-04 10:42:40 -04:00

DocApi.ts

(core) Allow requests from untrusted origins but without credentials

2022-11-03 13:33:23 +02:00