diff options
author | Ben Sima <ben@bsima.me> | 2021-03-17 17:25:52 -0400 |
---|---|---|
committer | Ben Sima <ben@bsima.me> | 2021-03-17 17:25:52 -0400 |
commit | 4b8378a156a4ee7a2a1e57a83631583910a18378 (patch) | |
tree | 53591da479eb141a9851ab7d6a9ca22973a9c7da /Biz | |
parent | 286be18a4526c53bc0b34368757d11142e21d455 (diff) |
Remove TODO about XSRF setting
Since we don't use a JavaScript frontend, we don't actually need any XSRF
protection. All of the requests will be coming from the browser, not from a
computer running inside the browser (js).
Diffstat (limited to 'Biz')
-rw-r--r-- | Biz/Devalloc.hs | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/Biz/Devalloc.hs b/Biz/Devalloc.hs index 04ee90e..1b76cc6 100644 --- a/Biz/Devalloc.hs +++ b/Biz/Devalloc.hs @@ -542,7 +542,7 @@ liveCookieSettings :: Auth.CookieSettings liveCookieSettings = Auth.defaultCookieSettings { Auth.cookieIsSecure = Auth.Secure, - -- TODO: fix this, add js snippet + -- disable XSRF protection because we don't use any javascript Auth.cookieXsrfSetting = Nothing } |