Files
fizzy/test/controllers
Rosa Gutierrez 5f390f72df Support local installations where the app is loaded over HTTP
In this case requests won't be performed from a secure context [1] and
the browser won't send the Sec-Fetch-Site header. This means non-GET
requests will be rejected because CSRF protection will fail.

With this change, we allow these requests with missing Sec-Fetch-Site
headers if:
- They happen over HTTP
- The app is not configured to force SSL

The Origin check happens in any case.

[1] https://developer.mozilla.org/en-US/docs/Web/Security/Defenses/Secure_Contexts#potentially_trustworthy_origins
2026-01-05 18:50:14 +01:00
..
2025-12-16 16:44:20 +01:00
2025-12-11 10:36:56 +01:00
2025-11-24 12:04:33 +01:00
2025-06-24 13:26:37 +02:00
2025-12-19 19:21:57 +01:00
2025-12-20 18:12:42 -06:00
2025-11-21 15:30:14 +00:00
2025-12-13 13:05:30 -05:00