Commit Graph

6 Commits

Author SHA1 Message Date
Sam
788ca1f112 FIX: stop adding email to unsubscribe url
Instead of adding email to unsubscribe url store it in redis for 1 hour
rate limit calls to unsubscribe endpoint to ensure there is no risk of
bloating redis

Also move controller to request specs
2018-05-22 09:07:03 +10:00
Arpit Jalan
a1ef455c78 SECURITY: do not show private topic title on /unsubscribed page 2018-04-16 10:35:57 +05:30
Sam
49ed382c2a FIX: return 429 when admin api key is limited on admin route
This also handles a general case where exceptions leak out prior to being handled by the application controller
2018-01-12 14:15:26 +11:00
Guo Xiang Tan
a6f2533d38 SECURITY: Fix XSS on unsubscribed page. 2017-10-09 09:04:46 +08:00
Guo Xiang Tan
6fe604b93e Revert "SECURITY: Fix XSS on unsubscribed page."
This reverts commit 190558db9d.
2017-10-09 09:03:07 +08:00
Guo Xiang Tan
190558db9d SECURITY: Fix XSS on unsubscribed page. 2017-10-09 08:59:03 +08:00