Fossil

Changes On Branch csrf-defense-enhancement

Changes In Branch csrf-defense-enhancement Excluding Merge-Ins

This is equivalent to a diff from 8ff63db2 to fc5b49e9

2023-09-18
20:43
Merge the CSRF-defense enhancements into trunk. ... (check-in: 920ace17 user: drh tags: trunk)
17:13
Omit the SameSite=strict specifier for the login cookie, since that prevents users from clicking a hyperlink on an email notification and then going directly to the relevant page and getting logged in. ... (Closed-Leaf check-in: fc5b49e9 user: drh tags: csrf-defense-enhancement)
15:36
Set the "SameSite=strict" value on cookies (used for authentication) as a further defense-in-depth against CSRF attacks. ... (check-in: bc643c32 user: drh tags: csrf-defense-enhancement)
13:18
Try to simplify and rationalize the defenses against cross-site request forgery attacks. A hodgepodge of techniques have been used in the past. This change attempts to make everything work more alike and to centralize CSRF defenses for easier auditing. ... (check-in: 88a402fe user: drh tags: csrf-defense-enhancement)
2023-09-14
08:25
Add the ability for 'branch list' to filter the branches that have/have not been merged into the current branch. ... (check-in: 8ff63db2 user: danield tags: trunk)
08:04
Update the built-in SQLite to version 3.43.1. ... (check-in: 1fea5c2c user: danield tags: trunk)
2023-06-14
14:37
Add the ability for 'branch list' to filter the branches that have/have not been merged into the current branch, per forum request. ... (Closed-Leaf check-in: d6ddd5bc user: danield tags: branch-list-merged-unmerged)

Changes to src/alerts.c.

Changes to src/builtin.c.

Changes to src/cgi.c.

Changes to src/event.c.

Changes to src/forum.c.

Changes to src/info.c.

Changes to src/interwiki.c.

Changes to src/login.c.

Changes to src/main.c.

Changes to src/report.c.

Changes to src/security_audit.c.

Changes to src/setup.c.

Changes to src/setupuser.c.

Changes to src/sha1.c.

Changes to src/shun.c.

Changes to src/skins.c.

Changes to src/style.c.

Changes to src/th_main.c.

Changes to src/tkt.c.

Changes to src/tktsetup.c.

Changes to src/wiki.c.

Changes to src/xfersetup.c.