some comments

This commit is contained in:
Bruno Windels 2019-03-08 20:03:47 +01:00
parent ec925d7c49
commit 95bef00054

View file

@ -21,6 +21,8 @@ class RequestWrapper {
export default class HomeServerApi {
constructor(homeserver, accessToken) {
// store these both in a closure somehow so it's harder to get at in case of XSS?
// one could change the homeserver as well so the token gets sent there, so both must be protected from read/write
this._homeserver = homeserver;
this._accessToken = accessToken;
}