Remove TODO about XSRF setting

Since we don't use a JavaScript frontend, we don't actually need any XSRF protection. All of the requests will be coming from the browser, not from a computer running inside the browser (js).
author: Ben Sima <ben@bsima.me> 2021-03-17 17:25:52 -0400
committer: Ben Sima <ben@bsima.me> 2021-03-17 17:25:52 -0400
commit: 4b8378a156a4ee7a2a1e57a83631583910a18378 (patch)
tree: 53591da479eb141a9851ab7d6a9ca22973a9c7da
parent: 286be18a4526c53bc0b34368757d11142e21d455 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/Biz/Devalloc.hs b/Biz/Devalloc.hs
index 04ee90e..1b76cc6 100644
--- a/Biz/Devalloc.hs
+++ b/Biz/Devalloc.hs
@@ -542,7 +542,7 @@ liveCookieSettings :: Auth.CookieSettings
 liveCookieSettings =
   Auth.defaultCookieSettings
     { Auth.cookieIsSecure = Auth.Secure,
-      -- TODO: fix this, add js snippet
+      -- disable XSRF protection because we don't use any javascript
       Auth.cookieXsrfSetting = Nothing
     }
author	Ben Sima <ben@bsima.me>	2021-03-17 17:25:52 -0400
committer	Ben Sima <ben@bsima.me>	2021-03-17 17:25:52 -0400
commit	4b8378a156a4ee7a2a1e57a83631583910a18378 (patch)
tree	53591da479eb141a9851ab7d6a9ca22973a9c7da
parent	286be18a4526c53bc0b34368757d11142e21d455 (diff)