- 22 Feb, 2016 1 commit
-
-
mattl authored
Evil forms on other websites could otherwise potentially be configured to have action="https://gnusocial.example/api/statuses/update.json" or whatever. XHR is already blocked with CORS stuff. Really, why do browsers allow cross domain POSTs at all? Sigh. The web.
-
- 21 Feb, 2016 8 commits
- 18 Feb, 2016 1 commit
-
-
mattl authored
We say the email is private data, so reasonably we shouldn't reveal it indirectly through a hash sum: http://xmlns.com/foaf/spec/#term_mbox_sha1sum
-
- 17 Feb, 2016 12 commits
- 16 Feb, 2016 2 commits
- 15 Feb, 2016 2 commits
- 14 Feb, 2016 2 commits
- 13 Feb, 2016 7 commits
- 12 Feb, 2016 5 commits