|
|
@@ -73,13 +73,12 @@ We removed the need to type `uppy.run()` in [#793](https://github.com/transloadi
|
|
|
|
|
|
Authorisation tokens from Uppy Server are now stored in local storage as opposed to cookies. Two primary reasons for this decision are:
|
|
|
|
|
|
-1. It avoids CSRF issues which are present when using cookies
|
|
|
-2. It allows for less stringent [CORS policies enforced by browsers](https://github.com/transloadit/uppy/issues/803#issuecomment-386257515), since we are no longer sending cookie credentials via Ajax requests
|
|
|
+1. It avoids CSRF issues which are present when using cookies.
|
|
|
+2. It allows for less stringent [CORS policies enforced by browsers](https://github.com/transloadit/uppy/issues/803#issuecomment-386257515), since we are no longer sending cookie credentials via Ajax requests.
|
|
|
|
|
|
-This is a breaking change because it requires that the Uppy Server version should also be updated to **0.13.x** otherwise there could be unexpected behaviour
|
|
|
-
|
|
|
-What's more about the Authorisation tokens is that they are now encrypted on the Server before being sent down to the client. Subsequent requests from the client will then send the token to the Server via headers(not via cookies anymore).
|
|
|
+This is a breaking change because it requires that the Uppy Server version should also be updated to **0.13.x** otherwise there could be unexpected behaviour.
|
|
|
|
|
|
+What’s more about the Authorisation tokens is that they are now encrypted on the server before being sent down to the client. Subsequent requests from the client will then send the token to the server via headers (not via cookies anymore).
|
|
|
|
|
|
## Other Cool Changes
|
|
|
|
Artur Paikin