Infrastructure/ghost: Independent technology for modern publishing, memberships, subscriptions and newsletters.

mirror of https://github.com/TryGhost/Ghost.git synced 2025-04-01 02:41:39 -05:00

Independent technology for modern publishing, memberships, subscriptions and newsletters.

blogging cms creator-economy ghost hacktoberfest headless-cms jamstack javascript journalism nodejs publishing web-application

Find a file

Fabien O'Carroll 99aeda5909 Removed ssoOriginCheck from signout endpoint (#10277 ) no-issue the ssoOriginCheck exists to ensure that we only allow signin/signup to be called from the specified auth page, this is a very minor security feature in that it forces signins to go via the page you've designated. signout however does not need this protection as the call to signout completely bypasses any UI (this is the same for the call to /token)	2019-05-07 17:35:17 +02:00
ghost	Removed ssoOriginCheck from signout endpoint (#10277 )	2019-05-07 17:35:17 +02:00

Fabien O'Carroll 99aeda5909 Removed ssoOriginCheck from signout endpoint (#10277 )

no-issue

the ssoOriginCheck exists to ensure that we only allow signin/signup to
be called from the specified auth page, this is a very minor security
feature in that it forces signins to go via the page you've designated.
signout however does not need this protection as the call to signout
completely bypasses any UI (this is the same for the call to /token)

2019-05-07 17:35:17 +02:00

ghost

Removed ssoOriginCheck from signout endpoint (#10277 )

2019-05-07 17:35:17 +02:00