wallabag

mirror of https://github.com/wallabag/wallabag.git synced 2024-06-06 23:39:23 +00:00

History

Kevin Decherf aa06e8328e ConfigController: remove 2fa cancel step This change annoys me, however this endpoint was anyway problematic: - it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3 - it is useless as we don't really handle a two-steps validation Still, if you send an incorrect code during the "activation" phase a flash error will pop up but the 2fa will stay enabled. This need rework when possible. Signed-off-by: Kevin Decherf <kevin@kdecherf.com>	2023-09-30 00:49:58 +02:00
..
Wallabag	ConfigController: remove 2fa cancel step	2023-09-30 00:49:58 +02:00
.htaccess	1st implementation of wallabag api, yeah	2015-01-28 17:09:27 +01:00

Kevin Decherf aa06e8328e ConfigController: remove 2fa cancel step

This change annoys me, however this endpoint was anyway problematic:
- it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3
- it is useless as we don't really handle a two-steps validation

Still, if you send an incorrect code during the "activation" phase a
flash error will pop up but the 2fa will stay enabled. This need rework
when possible.

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>

2023-09-30 00:49:58 +02:00

Wallabag

ConfigController: remove 2fa cancel step

2023-09-30 00:49:58 +02:00

.htaccess

1st implementation of wallabag api, yeah

2015-01-28 17:09:27 +01:00