mirror of
https://github.com/wallabag/wallabag.git
synced 2025-02-01 08:26:48 +01:00
aa06e8328e
This change annoys me, however this endpoint was anyway problematic: - it was vulnerable to a CSRF attack, see GHSA-56fm-hfp3-x3w3 - it is useless as we don't really handle a two-steps validation Still, if you send an incorrect code during the "activation" phase a flash error will pop up but the 2fa will stay enabled. This need rework when possible. Signed-off-by: Kevin Decherf <kevin@kdecherf.com>