rails-jwt-auth-tutorial

rails-jwt-auth-tutorial copied to clipboard

I had to use **skip_before_action :verify_authenticity_token** in my application controller to get the server to send back the auth_token.

onedebos

Bumps [loofah](https://github.com/flavorjones/loofah) from 2.0.3 to 2.3.1. Release notes *Sourced from [loofah's releases](https://github.com/flavorjones/loofah/releases).* > ## 2.3.1 / 2019-10-22 > > ### Security > > Address CVE-2019-15587: Unsanitized JavaScript may occur in...

dependabot[bot]

the guide says to put: `config.autoload_paths

EstevanBR

The way you get `secret_key_base` is not working at Heroku for Rails >= 5.2: ``` # json_web_token.rb .. JWT.encode(payload, Rails.application.secrets.secret_key_base) ``` The new way would be: ``` JWT.encode(payload, Rails.application.credentials.dig(:secret_key_base)) ```...

belgoros

How to handle refresh token / reauthorization best practice?

2

Not necessarily an issue or bug, but how would I go about issuing a refresh token? Sorry if there is a naive question, but if the token expires after 24...

patwalls

Bumps [sprockets](http://getsprockets.org/) from 3.7.1 to 3.7.2. [](https://help.github.com/articles/configuring-automated-security-fixes) Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a...

dependabot[bot]

Bumps [rails-html-sanitizer](https://github.com/rails/rails-html-sanitizer) from 1.0.3 to 1.4.4. Release notes Sourced from rails-html-sanitizer's releases. 1.4.4 / 2022-12-13 Address inefficient regular expression complexity with certain configurations of Rails::Html::Sanitizer. Fixes CVE-2022-23517. See GHSA-5x79-w82f-gw8w for...

dependabot[bot]

Bumps [loofah](https://github.com/flavorjones/loofah) from 2.0.3 to 2.19.1. Release notes Sourced from loofah's releases. 2.19.1 / 2022-12-13 Security Address CVE-2022-23514, inefficient regular expression complexity. See GHSA-486f-hjj9-9vhh for more information. Address CVE-2022-23515, improper...

dependabot[bot]