- Only allow your site to be loaded in an iFrame on your own pages.
- Do not allow DNS prefetching.
- Only allow your site to send the referrer for your own pages.
- I can POST a thread to a specific message board by passing form data containing text and delete_password to `/api/threads/{board}`. The object saved (and returned) will include _id, text, created_on, bumped_on (starts same as created_on), reported (boolean), delete_password and replies (array).
- I can POST a reply to a thread on a specific message board by passing form data containing text, delete_password and thread_id to `/api/replies/{board}` and it will also update the bumped_on date to the reply date. The object saved (and returned) will include _id, text, created_on, reported (boolean), and delete_password.
- I can GET an array of the most recent 10 bumped threads on the board with only the most recent 3 replies each from `/api/threads/{board}`. The reported and delete_password fields will not be sent to the client.
- I can GET an entire thread with all its replies from `/api/replies/{board}?thread_id={thread_id}`. The reported and delete_password fields will not be sent to the client.
- I can delete a thread completely if I send a DELETE request to `/api/threads/{board}` and pass along the thread_id and delete_password. (Text response will be 'incorrect password' or 'success')
- I can delete a post (just changing the text to '[deleted]' instead of removing completely like a thread) if I send a DELETE request to `/api/replies/{board}` and pass along the thread_id, reply_id and delete_password. (Text response will be 'incorrect password' or 'success')
- I can report a thread and change its reported value to true by sending a PUT request to `/api/threads/{board}` and pass along the thread_id. (Text response will be 'success')
- I can report a reply and change its reported value to true by sending a PUT request to `/api/replies/{board}` and pass along the thread_id & reply_id. (Text response will be 'success')
- Complete functional tests that wholly test routes and pass.
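
The three header requirements and the "will not be sent to the client" rule, shown together as an added example (not code from this repository). The helper names and the sample board are constructed for illustration, and dates are assumed to be stored as `Date` objects.

```javascript
// Added example; helper names and sample data are constructed, not the repo's code.
const SECURITY_HEADERS = {
  'X-Frame-Options': 'SAMEORIGIN',   // page may be framed only by same-origin pages
  'X-DNS-Prefetch-Control': 'off',   // no DNS prefetching
  'Referrer-Policy': 'same-origin',  // Referer sent only on same-origin requests
};

// Works with any response object exposing setHeader (Node http, Express).
function applySecurityHeaders(res) {
  for (const [name, value] of Object.entries(SECURITY_HEADERS)) res.setHeader(name, value);
}

const PRIVATE_FIELDS = ['reported', 'delete_password'];

// Copy a thread or reply without the fields that must never reach the client.
function stripPrivate(doc) {
  return Object.fromEntries(Object.entries(doc).filter(([k]) => !PRIVATE_FIELDS.includes(k)));
}

// Public view of one thread. Replies carry their own delete_password and
// reported flag, so they are stripped too. Newest-first order is a choice here.
function publicThread(thread, maxReplies = Infinity) {
  const replies = [...thread.replies]
    .sort((a, b) => b.created_on - a.created_on)
    .slice(0, maxReplies)
    .map(stripPrivate);
  return { ...stripPrivate(thread), replies };
}

// GET /api/threads/{board}: 10 most recently bumped threads, 3 newest replies each.
function boardListing(threads) {
  return [...threads]
    .sort((a, b) => b.bumped_on - a.bumped_on)
    .slice(0, 10)
    .map((t) => publicThread(t, 3));
}

// Constructed sample: 12 threads with 5 replies each.
function sampleBoard() {
  return Array.from({ length: 12 }, (_, i) => ({
    _id: `t${i}`, text: `thread ${i}`, reported: false, delete_password: 'pw',
    created_on: new Date(2024, 0, 1 + i), bumped_on: new Date(2024, 0, 1 + i, 4),
    replies: Array.from({ length: 5 }, (_, j) => ({
      _id: `t${i}r${j}`, text: `reply ${j}`, reported: false, delete_password: 'pw',
      created_on: new Date(2024, 0, 1 + i, j),
    })),
  }));
}
console.log(JSON.stringify(boardListing(sampleBoard())[0], null, 2));
```

A functional test for the GET routes can assert that the serialized response body contains neither `delete_password` nor `reported` anywhere, which catches the case where only the thread, and not its replies, was filtered.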
Information Security Project #2 - Anonymous Message Board.
kelvinsanchez15/anonymous-message-board