lusca
Application security for express apps.
I am trying to build a basic Express app with some security protocols implemented using Lusca. I am facing two issues. The first is with CSP (content security policy), for...
What is the recommended practice to define a sensible CSP to allow socket.io requests? The host name may be known only upon receiving a request with the `Host:`, so I...
I currently have a Node Express app behind an nginx load balancer. I am curious to know what the best practice is when it comes to setting security policies such...
See Angular docs at the paragraph "Cross Site Request Forgery (XSRF) Protection" https://docs.angularjs.org/api/ng/service/$http
CSRF Query
Why does lusca not try to get the CSRF token (usually in the body) from `req.query` also? There is no difference in the delivery of the correct CSRF token as the cookie...
Hi, I am using krakenJS and have enabled CSRF. Currently I am able to reuse the CSRF token generated on one page on another page (within the user session only). I...
Upon install:

```bash
npm WARN engineStrict Per-package engineStrict (found in package.json for lusca)
npm WARN engineStrict won't be used in npm 3+. Use the config setting `engine-strict` instead.
```
Is there a way to hook into when a CSRF check returns 404? I'd like to check the IP of the originating server to see if I can...
Hey all, I was having problems between `lusca` and some other code I was trying to integrate; specifically, doing redirections based on some conditions, like expired sessions, with a 401 status...