Skip to content
Snippets Groups Projects
Select Git revision
  • quickstart
  • inheritance-v2
  • staging-playground
  • staging-test
  • master default protected
  • voevent_fixes
  • hw-inj
  • py310
  • fs-fix
  • free-name-GWs
  • no-massgap-voevent
  • send-async-alerts
  • superevent-log-inheritance
  • response-then-logs
  • catalog-dev
  • alert-improvements
  • histogram
  • S_event_neighbours
  • no_massgap_voevent
  • new_event_superevent_types
  • gracedb-2.18.1
  • gracedb-2.18.0
  • gracedb-2.17.2
  • gracedb-2.17.1
  • gracedb-2.17.0
  • gracedb-2.16.3
  • gracedb-2.16.2
  • gracedb-2.16.1
  • gracedb-2.16.0
  • gracedb-2.15.0
  • gracedb-2.14.3
  • gracedb-2.14.1
  • gracedb-2.14.0
  • gracedb-2.13.0-2
  • gracedb-2.13.0-1
  • gracedb-2.13.0
  • gracedb-2.12.0
  • gracedb-2.12.1
  • gracedb-2.11.1-2
  • gracedb-2.11.1-1
40 results
Blame Permalink
Forked from IGWN Computing and Software / GraceDB / GraceDB Server
Source project has a limited visibility.
  • Tanner Prestegard's avatar
    058fd28d
    Prevent certificate or basic auth on AJAX requests to the API · 058fd28d
    Tanner Prestegard authored 
    Discovered that AJAX requests to the API from the web view were
using certificates in people's browsers even if they were logged
out of the Django session.  So when they wanted to view the page
as a public user they still saw some extra information.

No security risk since they needed to have a valid certificate
anyway, but a bit annoying.
    058fd28d
    History
    Prevent certificate or basic auth on AJAX requests to the API
    Tanner Prestegard authored 
    Discovered that AJAX requests to the API from the web view were
using certificates in people's browsers even if they were logged
out of the Django session.  So when they wanted to view the page
as a public user they still saw some extra information.

No security risk since they needed to have a valid certificate
anyway, but a bit annoying.
Code owners
Assign users and groups as approvers for specific file changes. Learn more.