lusca
lusca copied to clipboard
krakenjs
Application security for express apps.
Is there a way to disable the error logging when a CSRF token missing is triggered? I guess someone is constantly trying to take advantage of my server my logs...
Does lusca contains protection from ddos attacks?
Currently, Lusca's CSRF module generates 10 bytes of random data. With Base64 conversion, session secrets include two equal sign characters. Is there a specific reason 10 bytes has been chosen?...
Hi, I am trying to move authentication to my first loaded route -> '/' - the index page, and I have to send the post request twice because the XSRF...
In the readme, the express-session options `resave` and `saveUninitialized` are both set to true. Is this a requirement for using lusca?
What does `p3p` require for a value, is that a key? Or some kind of configuration value? The link to the Microsoft page isn't very helpful, nor the W3C spec...
Using lusca 1.4.1 and node 7.7.4. Got this warning message: `Warning: a promise was created in a handler at Users/nates/Documents/Development/shy/node_modules/lusca/index.js:48:21 but was not returned from it, see http://goo.gl/rRqMUw` If you...
- Added optional custom `impl` function that creates a report-uri. Used if you want to tack on a token or some unique identifier to the end of the report-uri to...
Hi guys, after update lusca I got error : ``` Error: CSRF token missing var csrfExclude = ['/webhooks']; // is not working any more ? ```
