Dear Jeremy,
I also really welcome those changes and currently I mostly use the
server with a few routes that I added (serving attachments) to it
myself. I'll keep this short, but I definitely like the changes made
already and I look forward to having it be in the next version.
Here, however, are a few suggestions that have come up for me in the past:
* CSRF protection for both the browser messaging (plugin library)
architecture as well as the PUT/DELETE REST API. It is scary to know
that iframes or any other website that I visit can inject JavaScript
tiddlers while running the server. This might work in tandem with the
new authentication.
(Hint: the plugin library architecture uses the cookie variable already,
but does not include/check for a nonce for some reason when getting a
response)
* A module (route) that serves rendered tiddlers, instead of serving
them as json. This is the unique ability of having the wiki run under
node and while possibly obscure, there are a lot of creative things one
can do with this with regards to browser integration (think
tampermonkey) or access to formatted data in the wiki from say bash or
other external programs.
* HTTPS support would be neat, not sure if it's possible to include a
self signed certificate, but node's built in http(s) server is fully
able to serve over https as well.
Thanks for tackling the server overhaul and also for reading,
/Andreas
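
The CSRF concern in the first suggestion above, as an added example that is not part of the original message and not TiddlyWiki's own code: a guard for a Node `(req, res)` handler that refuses state-changing requests (PUT/DELETE/POST) unless they carry a custom header and, when the browser sends an `Origin`, that origin matches the `Host`. The header name and value, the function names, and the assumption that the wrapped server never approves cross-origin preflights are all hypothetical.

```javascript
// Added example: CSRF guard for a local wiki server's state-changing routes.
// Header name/value and function names are assumptions, not TiddlyWiki's API.
const SAFE_METHODS = new Set(["GET", "HEAD", "OPTIONS"]);
const REQUIRED_HEADER = "x-requested-with"; // assumed; Node lower-cases header keys
const REQUIRED_VALUE = "LocalWikiClient";   // assumed value

// Decide whether a request may change server state.
// `headers` is a plain object with lower-cased keys, as in Node's req.headers.
function checkRequest(method, headers) {
  if (SAFE_METHODS.has(method.toUpperCase())) {
    return { allowed: true, reason: "safe method" };
  }
  // 1. An HTML form cannot set a custom header, and a cross-origin fetch/XHR
  //    that sets one triggers a CORS preflight (assumed never approved here).
  if (headers[REQUIRED_HEADER] !== REQUIRED_VALUE) {
    return { allowed: false, reason: "missing custom header" };
  }
  // 2. If the browser sent an Origin, it must name the host the request
  //    was addressed to (the Host header).
  const origin = headers["origin"];
  if (origin !== undefined) {
    let originHost;
    try {
      originHost = new URL(origin).host;
    } catch (e) {
      return { allowed: false, reason: "unparseable origin" }; // e.g. "null"
    }
    if (originHost !== headers["host"]) {
      return { allowed: false, reason: "cross-origin request" };
    }
  }
  return { allowed: true, reason: "same-origin with custom header" };
}

// Wrap a Node (req, res) handler so rejected requests never reach it.
function csrfGuard(handler) {
  return function (req, res) {
    const verdict = checkRequest(req.method, req.headers);
    if (!verdict.allowed) {
      res.writeHead(403, { "Content-Type": "text/plain" });
      res.end("Forbidden: " + verdict.reason);
      return;
    }
    handler(req, res);
  };
}
```
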