discourse/app
Andrei Prigorshnev b609f6c11c
FIX: restrict other user's notification routes (#14442)
It was possible to see notifications of other users using routes:
- notifications/responses
- notifications/likes-received
- notifications/mentions
- notifications/edits

We weren't showing anything private (like notifications about private messages), only things that are publicly available in other places. But anyway, it feels strange that it's possible to look at notifications of someone else. Additionally, there is a risk that we can unintentionally leak something on these pages in the future.

This commit restricts these routes.
2021-09-29 16:24:28 +04:00
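The restriction the commit describes, modelled as an added Ruby example. This is not Discourse's own code: User, Notification, NotificationsGuard and NotificationsController are hypothetical names chosen for the illustration, and the sample users and notifications are constructed. It shows the unrestricted route beside the restricted one, with the authorization check placed before any of the target user's data is looked up, so that anonymous viewers and other regular users get a 403 while the owner and staff still see the page.

```ruby
# Added example (not Discourse's code): authorizing per-user notification routes.
# Hypothetical names: User, Notification, NotificationsGuard, NotificationsController.

User = Struct.new(:id, :username, :admin, keyword_init: true)
Notification = Struct.new(:user_id, :kind, :text, keyword_init: true)

# The four filters named in the commit message.
NOTIFICATION_FILTERS = %w[responses likes-received mentions edits].freeze

class NotificationsGuard
  def initialize(current_user)
    @current_user = current_user
  end

  # Only the owner of the notifications or a staff (admin) account may view them.
  # A nil current_user (anonymous visitor) is always denied.
  def can_see_notifications?(target)
    return false if @current_user.nil?
    @current_user.id == target.id || @current_user.admin
  end
end

class NotificationsController
  def initialize(users:, notifications:)
    @users = users
    @notifications = notifications
  end

  # Before the fix: any viewer can list any user's notification page.
  def show_unrestricted(_current_user, username, filter)
    target = find_user!(username)
    [200, filtered(target, filter)]
  end

  # After the fix: the guard runs before any notification data is fetched,
  # so nothing about the target's notifications is computed for a denied viewer.
  def show_restricted(current_user, username, filter)
    target = find_user!(username)
    return [403, []] unless NotificationsGuard.new(current_user).can_see_notifications?(target)
    [200, filtered(target, filter)]
  end

  private

  def find_user!(username)
    @users.find { |u| u.username == username } || raise(ArgumentError, "no such user: #{username}")
  end

  def filtered(target, filter)
    raise ArgumentError, "unknown filter: #{filter}" unless NOTIFICATION_FILTERS.include?(filter)
    @notifications.select { |n| n.user_id == target.id && n.kind == filter }.map(&:text)
  end
end

# Constructed sample data: two regular users and one admin.
USERS = [
  User.new(id: 1, username: "alice", admin: false),
  User.new(id: 2, username: "bob", admin: false),
  User.new(id: 3, username: "staff", admin: true)
].freeze

NOTIFICATIONS = [
  Notification.new(user_id: 1, kind: "mentions", text: "bob mentioned you"),
  Notification.new(user_id: 1, kind: "likes-received", text: "bob liked your post"),
  Notification.new(user_id: 2, kind: "mentions", text: "alice mentioned you")
].freeze

def demo_controller
  NotificationsController.new(users: USERS, notifications: NOTIFICATIONS)
end

if __FILE__ == $PROGRAM_NAME
  ctl = demo_controller
  alice, bob, staff = USERS
  p ctl.show_unrestricted(bob, "alice", "mentions")  # before: bob can read alice's mentions
  p ctl.show_restricted(bob, "alice", "mentions")    # after: 403
  p ctl.show_restricted(alice, "alice", "mentions")  # owner still allowed
  p ctl.show_restricted(staff, "alice", "mentions")  # staff still allowed
  p ctl.show_restricted(nil, "alice", "mentions")    # anonymous denied
end
```

The check sits on the route, not on the serializer, which is the point the commit message makes: even if everything these pages currently show is public elsewhere, gating the route means a later addition of non-public content to the same pages does not become a new leak.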
assets DEV: uses standard browser_start_timeout (#14472) 2021-09-29 13:25:34 +02:00
controllers FIX: restrict other user's notification routes (#14442) 2021-09-29 16:24:28 +04:00
helpers FIX: Offer site_logo_dark_url as an option for dark mode themes (#14361) 2021-09-16 17:47:51 -04:00
jobs DEV: use upload id to save in theme setting instead of URL. (#14341) 2021-09-16 07:58:53 +05:30
mailers UX: suspend forever time period messages (#13776) 2021-07-20 14:42:08 +04:00
models FIX: restrict other user's notification routes (#14442) 2021-09-29 16:24:28 +04:00
serializers FIX: include_ serializer methods must end with ? (#14407) 2021-09-22 16:01:25 +03:00
services DEV: Add post_alerter_after_save_post event (#14388) 2021-09-20 21:18:38 +03:00
views FIX: Offer site_logo_dark_url as an option for dark mode themes (#14361) 2021-09-16 17:47:51 -04:00