guyben da5a8796b8 Allow XSRF to be sent as POST parameter in addition to HTML header ... HTML headers can only be sent via JS, we need this change to allow secure POST form submission. The form itself will have a hidden "input" tag with the XSRF token in it. This is how other framework do it as well - see https://en.wikipedia.org/wiki/Cross-site_request_forgery#Synchronizer_token_pattern This is in preparation for the OT&E setup page, which will be a simple form with a "submit" button, so using JS for it is overkill. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=226178070		2018-12-20 07:46:33 -05:00
..
AppEngineInternalAuthenticationMechanism.java	Add XSRF protection to legacy authentication mechanism	2017-03-07 13:18:04 -05:00
Auth.java	Change UserPolicy to PUBLIC on WHOIS and EPP endpoints	2018-04-23 14:59:24 -04:00
AuthenticatedRegistrarAccessor.java	Allow unsetting of the support email group, disabling "support users"	2018-12-20 07:46:33 -05:00
AuthenticationMechanism.java	Add request/auth package to Nomulus release	2017-02-14 12:00:49 -05:00
AuthLevel.java	Add request/auth package to Nomulus release	2017-02-14 12:00:49 -05:00
AuthModule.java	Remove Google-internal auth mechanism	2018-12-13 15:05:44 -05:00
AuthResult.java	Include the performing user in the "Registrar updated" emails	2018-10-22 18:41:38 -04:00
BUILD	Move AuthenticatedRegistrarAccessor to request/auth/	2018-11-16 16:54:21 -05:00
LegacyAuthenticationMechanism.java	Allow XSRF to be sent as POST parameter in addition to HTML header	2018-12-20 07:46:33 -05:00
OAuthAuthenticationMechanism.java	Migrate to Flogger (green)	2018-05-30 12:18:54 -04:00
OAuthTokenInfo.java	Add request/auth package to Nomulus release	2017-02-14 12:00:49 -05:00
RequestAuthenticator.java	Migrate to Flogger (green)	2018-05-30 12:18:54 -04:00
UserAuthInfo.java	Remove unnecessary generic type arguments	2017-11-21 18:17:31 -05:00