| Commit message (Collapse) | Author | ||
|---|---|---|---|
| 2014-01-16 | auth: lua string comparisons are time invariant | Jason A. Donenfeld | |
| By default, strings are compared by hash, so we can remove this comment. Signed-off-by: Jason A. Donenfeld <Jason@zx2c4.com> | |||
| 2014-01-16 | authentication: use hidden form instead of referer | Jason A. Donenfeld | |
| This also gives us some CSRF protection. Note that we make use of the hmac to protect the redirect value. Signed-off-by: Jason A. Donenfeld < | |||