github-mirror/discourse
2
0
Fork 0
mirror of https://github.com/discourse/discourse.git synced 2025-06-19 15:21:43 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
Files
6b6b31a97f407d7c0fb6c1adb780529bc3f04019
discourse/lib/middleware
History
David Taylor 6b6b31a97f FEATURE: Allow admins to opt-in to seamless redirects on /auth/* (#31235) 
By default, when multiple login providers are enabled, Discourse
requires user interaction before triggering an external auth flow. This
is defense-in-depth against "Login CSRF" attacks.

This commit introduces a setting to control this behavior, so that it
can be disabled when admins fully trust the downstream systems, and need
an interaction-free login flow on a site with multiple login providers.

Default behavior remains unchanged.
2025-02-07 11:43:39 +00:00
..
anonymous_cache.rb
FEATURE: Dark/light mode selector (#31086)
2025-02-07 03:28:34 +03:00
csp_script_nonce_injector.rb
DEV: Memoize CSP nonce placeholder on response (#25724)
2024-02-16 12:15:55 +00:00
discourse_public_exceptions.rb
DEV: Upgrade Rails to version 7.1
2024-07-04 10:58:21 +02:00
enforce_hostname.rb
DEV: Apply syntax_tree formatting to lib/*
2023-01-09 12:10:19 +00:00
missing_avatars.rb
DEV: Prefer \A and \z over ^ and $ in regexes (#19936)
2023-01-20 12:52:49 -06:00
omniauth_bypass_middleware.rb
FEATURE: Allow admins to opt-in to seamless redirects on /auth/* (#31235)
2025-02-07 11:43:39 +00:00
processing_request.rb
FIX: Set sane default for Net::HTTP when processing a request (#28141)
2024-08-06 07:12:42 +08:00
request_tracker.rb
DEV: API to register custom request rate limiting conditions (#30239)
2024-12-23 09:57:18 +08:00
turbo_dev.rb
DEV: Apply syntax_tree formatting to lib/*
2023-01-09 12:10:19 +00:00