API: auth: don't include token in JSON objects

The token is already sent via Set-Cookie. It is unnecessary and
insecure to include it in the JSON response. Doing so also
introduces the token into the JavaScript VM, which is not protected
as well as httpOnly cookies are.
Jesse Chan
2020-10-26 20:05:30 +08:00
parent 74aa560f0b
commit 306ff79182
4 changed files with 26 additions and 37 deletions
-1
@@ -11,7 +11,6 @@ export type AuthAuthenticationOptions = Required<z.infer<typeof authAuthenticati
// POST /api/auth/authenticate - success response
export interface AuthAuthenticationResponse {
success: boolean;
token: string;
username: string;
level: AccessLevel;
}