lusca

Application security for express apps.

Results 41 lusca issues

Bumps [minimatch](https://github.com/isaacs/minimatch) to 3.0.8 and updates ancestor dependencies [minimatch](https://github.com/isaacs/minimatch), grunt and grunt-mocha-test. These dependencies need to be updated together. Updates `minimatch` from 0.2.14 to 3.0.8 Commits 782c264 3.0.8 6ade2da fix:...

dependencies

Fixed broken OWASP links

When a URL is added to be bypassed, CSRF is not set in the response which leads to subsequent POST requests throwing a 403. This change sets the CSRF token...

Bumps [path-parse](https://github.com/jbgutierrez/path-parse) from 1.0.6 to 1.0.7. Commits See full diff in compare view [![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=path-parse&package-manager=npm_and_yarn&previous-version=1.0.6&new-version=1.0.7)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores) Dependabot will resolve any conflicts with this PR as long as you don't alter...

dependencies

As you know, Google Chrome Developers disabled XSS Auditor. Developers should be able to disable the auditor for older browsers and set it to 0. The `x-xss-protection` header was found...

Bumps [cli](https://github.com/node-js-libs/cli) from 0.4.5 to 1.0.1. Commits 470db35 1.0.1 ae103f8 Update glob, closes #91 969a1e5 1.0.0 ed90515 Merge pull request #86 from jugglinmike/remove-daemon fd6bc4d Remove daemon support 9f4c00b Merge pull...

dependencies

Hi. It seems like for endpoints that are blacklisted by Lusca, it does not set CSRF tokens for the requests at all. So what can happen is for the...

The documentation for lusca.csp says this: `options.scriptNonce Boolean - Enable nonce for inline script-src, access from res.locals.nonce` Which, to me, sounds like lusca would generate the nonces it self. I...

Hello Team, Based on the [README](https://github.com/krakenjs/lusca#luscaxframevalue), it's recommended to use `ALLOW-FROM URI` but [MDN docs](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) recommend not to use it as it's obsolete and is not supported in a modern...