• #known 2017-06-02
  • Prev
    Next
  • #indieweb
  • #dev
  • #wordpress
  • #meta
  • #stream
  • #microformats
  • #known
  • #events
#known ≡
  • ←
  • →
2017-06-02 UTC
# 18:03
mapkyca for the tape: I've just merged in a fix for #1727 and #1022 - calling endpoints from pure javascript, and token expiration, respectively. This required adding the ability for updating the token via XHR. See the discussion on https://github.com/idno/Known/issues/1727. I don't believe this opens a CSRF hole, as the token now uses a sha256 HMAC which now includes the current user session_id, but let me