jwt-csrf
jwt-csrf copied to clipboard
krakenjs
Stateless CSRF protection using jsonwebtoken (JWT)
Bumps [eslint](https://github.com/eslint/eslint) from 2.13.1 to 6.6.0. Release notes *Sourced from [eslint's releases](https://github.com/eslint/eslint/releases).* > ## v6.6.0 > * [`39dfe08`](https://github.com/eslint/eslint/commit/39dfe0880fa934e287e8ea1f7b56d5cba8d43765) Update: false positives in function-call-argument-newline (fixes [#12123](https://github-redirect.dependabot.com/eslint/eslint/issues/12123)) ([#12280](https://github-redirect.dependabot.com/eslint/eslint/issues/12280)) (Scott O'Hara) > *...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
Updates jsonwebtoken to ^8.3.0 to patch necessary security issues with 4.2.2. Replaces the 'expiresInMinutes' with the new 'expiresIn' function
Function `resolveDomain()` has incorrect implementation: ```javascript function resolveDomain(req) { var host = req.get('host'); // Ex: "mysite.com:8000" var domain = host.substr(0, host.indexOf(':') || host.length); // Ex: "mysite.com" return '.' + domain;...
This library currently supports only SHA-256 encryption. The dependent NPM package _jsonwebtoken_ currently supports a wide range of encryption algorithms: https://www.npmjs.com/package/jsonwebtoken#algorithms-supported. These could possibly be configured via the options. Thoughts?
…iv and decipheriv crypto methods if they exist otherwise default to deprecated cipher and decipher methods and original configuration
Version `4.2.2` has a critical security vulnerability https://auth0.com/blog/2015/03/31/critical-vulnerabilities-in-json-web-token-libraries/
Set-Cookie not working on localhost fixed Fixed cases when getUserToken not defined caused exception Updated dependencies with critical security warnings
I have tried to fix the following issue - https://github.com/krakenjs/jwt-csrf/issues/11 Idea is to allow for a exclusion list while patching the xhr requests with the client package. Not all outgoing...
This PR is much smaller than it seems. I added a typings file for the 2 main jwt-csrf functions. To make these clean and not throw errors i had to...
With `node v10.0.0` and above, `crypto.cipher` and `crypto.decipher` have been deprecated. I have created a PR that updates to new functions and allows passing algorithm options.