summaryrefslogtreecommitdiff
path: root/Biz/Devalloc.hs
diff options
context:
space:
mode:
authorBen Sima <ben@bsima.me>2021-03-17 17:25:52 -0400
committerBen Sima <ben@bsima.me>2021-03-17 17:25:52 -0400
commit4b8378a156a4ee7a2a1e57a83631583910a18378 (patch)
tree53591da479eb141a9851ab7d6a9ca22973a9c7da /Biz/Devalloc.hs
parent286be18a4526c53bc0b34368757d11142e21d455 (diff)
Remove TODO about XSRF setting
Since we don't use a JavaScript frontend, we don't actually need any XSRF protection. All of the requests will be coming from the browser, not from a computer running inside the browser (js).
Diffstat (limited to 'Biz/Devalloc.hs')
-rw-r--r--Biz/Devalloc.hs2
1 files changed, 1 insertions, 1 deletions
diff --git a/Biz/Devalloc.hs b/Biz/Devalloc.hs
index 04ee90e..1b76cc6 100644
--- a/Biz/Devalloc.hs
+++ b/Biz/Devalloc.hs
@@ -542,7 +542,7 @@ liveCookieSettings :: Auth.CookieSettings
liveCookieSettings =
Auth.defaultCookieSettings
{ Auth.cookieIsSecure = Auth.Secure,
- -- TODO: fix this, add js snippet
+ -- disable XSRF protection because we don't use any javascript
Auth.cookieXsrfSetting = Nothing
}