followup

author Joey Hess <joeyh@joeyh.name>

Wed, 12 Dec 2018 14:43:52 +0000 (10:43 -0400)

committer Joey Hess <joeyh@joeyh.name>

Wed, 12 Dec 2018 14:43:52 +0000 (10:43 -0400)
author Joey Hess <joeyh@joeyh.name>
Wed, 12 Dec 2018 14:43:52 +0000 (10:43 -0400)
committer Joey Hess <joeyh@joeyh.name>
Wed, 12 Dec 2018 14:43:52 +0000 (10:43 -0400)
diff --git a/doc/bugs/Unable_to_access_pagespec_preferences_on_https:__47____47__joeyh.name__47__/comment_1_8e26ec8941be9f6b16cec97281df7aaf._comment b/doc/bugs/Unable_to_access_pagespec_preferences_on_https:__47____47__joeyh.name__47__/comment_1_8e26ec8941be9f6b16cec97281df7aaf._comment

new file mode 100644 (file)

index 0000000..940366a
--- /dev/null
+++ b/doc/bugs/Unable_to_access_pagespec_preferences_on_https:__47____47__joeyh.name__47__/comment_1_8e26ec8941be9f6b16cec97281df7aaf._comment
@@ -0,0 +1,17 @@
+[[!comment format=mdwn
+ username="joey"
+ subject="""comment 1"""
+ date="2018-12-12T14:40:46Z"
+ content="""
+Sending an auth token with every notification email would
+not be good from a security POV.
+
+But, the ikiwiki username that has subscribed could be included in the
+emails; the url to the prefs could possibly even have it prefilled
+(unless CSRF protection or something prevents that).
+
+> I think now when I login via either method I'm accessing the account with a username
+
+No, ikiwiki accounts are not connected like this. If you log in with the
+old account it will have separate subscription prefs than the new account.
+"""]]
author	Joey Hess <joeyh@joeyh.name>
	Wed, 12 Dec 2018 14:43:52 +0000 (10:43 -0400)
committer	Joey Hess <joeyh@joeyh.name>
	Wed, 12 Dec 2018 14:43:52 +0000 (10:43 -0400)