Kim Alvefur <zash@zash.se> [Fri, 16 Jun 2023 00:05:57 +0200] rev 5552
mod_http_oauth2: Disable CORS for authorization endpoint
Per recommendation in draft-ietf-oauth-security-topics-23
Hopefully it is enough to return an error status, since mod_http will
add CORS headers from a handler with higher priority, even for OPTIONS.
Kim Alvefur <zash@zash.se> [Sun, 11 Jun 2023 14:06:28 +0200] rev 5551
mod_http_oauth2: Make CSP configurable
E.g. to enable forbidding all scripts if you don't use any scripts, or
allow scripts from your separate static content domain, etc.
Kim Alvefur <zash@zash.se> [Sun, 11 Jun 2023 14:03:27 +0200] rev 5550
mod_http_oauth2: Link to RFC 7628 in README
Links are good.
Kim Alvefur <zash@zash.se> [Sun, 11 Jun 2023 14:02:47 +0200] rev 5549
mod_http_oauth2: Use code spans for some config options in README
To make them more recognisable as code things.
Kim Alvefur <zash@zash.se> [Sat, 10 Jun 2023 12:04:00 +0200] rev 5548
mod_http_oauth2: Remove underscore prefix
LuaCheck considers this to mean that a variable it unused, but this one
is not.
Kim Alvefur <zash@zash.se> [Fri, 09 Jun 2023 18:07:15 +0200] rev 5547
mod_cloud_notify_extensions: Fix Markdown syntax of Compatibility table
Matthew Wild <mwild1@gmail.com> [Thu, 08 Jun 2023 19:47:35 +0100] rev 5546
mod_firewall: Add console commands to mark/unmark users
Matthew Wild <mwild1@gmail.com> [Thu, 08 Jun 2023 19:19:46 +0100] rev 5545
mod_firewall: Load marks from storage on demand rather than at login
This ensures people who don't use marks, or use them infrequently, don't pay
a perf cost on every resource bind.
Matthew Wild <mwild1@gmail.com> [Thu, 08 Jun 2023 19:15:12 +0100] rev 5544
mod_firewall: Log warning when attempting to mark/unmark remote users
Matthew Wild <mwild1@gmail.com> [Thu, 08 Jun 2023 17:00:04 +0100] rev 5543
mod_firewall: enable marks by default