gaspersic/freeCodeCamp
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

fix(csrf): remove all csrf bypass

Browse Source
This commit is contained in:
Oliver Eyton-Williams
2020-03-06 17:51:58 +01:00
committed by mrugesh
parent f183df0d88
commit 23b899f50f
20 changed files with 84 additions and 56 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api-server/server/views/emails/user-request-sign-in.ejs
View File

@ -1,9 +1,9 @@
Here's your sign in link. It will instantly sign you into freeCodeCamp.org - no password necessary:
<%= host %>/internal/passwordless-auth/?email=<%= loginEmail %>&token=<%= loginToken %>
<%= host %>/passwordless-auth/?email=<%= loginEmail %>&token=<%= loginToken %>
Note: this sign in link will expire after 15 minutes. If you need a new sign in link, go to https://www.freecodecamp.org/signin
See you soon!
- The freeCodeCamp.org Team
- The freeCodeCamp.org Team

4
api-server/server/views/emails/user-request-sign-up.ejs
View File

@ -4,10 +4,10 @@ We have created a new account for you.
Here's your sign in link. It will instantly sign you into freeCodeCamp.org - no password necessary:
<%= host %>/internal/passwordless-auth/?email=<%= loginEmail %>&token=<%= loginToken %>
<%= host %>/passwordless-auth/?email=<%= loginEmail %>&token=<%= loginToken %>
Note: this sign in link will expire after 15 minutes. If you need a new sign in link, go to https://www.freecodecamp.org/signin
See you soon!
- The freeCodeCamp.org Team
- The freeCodeCamp.org Team