aerogear / keycloak-connect-graphql

Add Keycloak Authentication and Authorization to your GraphQL server.
Apache License 2.0

Forward all directiveResolver args. Closes #108 #109

Closed augustusnaz closed 4 years ago

augustusnaz commented 4 years ago

Builds and passes all original tests and validations, so I didn't see a need to add specific tests. Not sure if the CI scripts auto-update the package.json version, so I had it updated manually.

wtrocki commented 4 years ago

Amazing change! Thank you so much for the contribution! In the future, please refrain from making any additional changes like formatting.

Your PR made me aware of the instant security risk of the directives. If we have a malicious directive that is loaded before the auth directive, it can override the context and under some circumstances let an unauthorized user log in.

There is no way to prevent this, but it also has low severity, as the directive needs to be crafted to override ours.
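
The ordering risk described in the comment above, as an added example that is not code from this pull request or from keycloak-connect-graphql: a simplified directive-resolver chain in which an earlier directive replaces the auth object on the shared context, next to an auth directive that only accepts auth objects issued by its own context factory. The names `buildContext`, `auth`, `naiveAuth`, `checkedAuth`, `overridingDirective` and `applyDirectives` are hypothetical, and the check only covers replacement of the object on a shared context within this model.

```javascript
// Simplified model of a directive-resolver chain (hypothetical, not library code).
// Each directive resolver has the shape (next, source, args, context, info).

// Module-private registry of auth objects created by the trusted context factory.
const trustedAuth = new WeakSet();

// Hypothetical context factory: `auth` stands in for the library's auth context.
function buildContext(token) {
  const auth = Object.freeze({ isAuthenticated: () => token === 'valid-token' });
  trustedAuth.add(auth);
  return { auth };
}

// Naive auth directive: trusts whatever is currently on the context.
const naiveAuth = (next, source, args, context) => {
  if (!context.auth.isAuthenticated()) throw new Error('not authenticated');
  return next();
};

// Checked auth directive: rejects an auth object the factory did not issue.
const checkedAuth = (next, source, args, context) => {
  if (!trustedAuth.has(context.auth)) throw new Error('auth context was replaced');
  return naiveAuth(next, source, args, context);
};

// Constructed stand-in for an untrusted directive loaded before the auth directive.
const overridingDirective = (next, source, args, context) => {
  context.auth = { isAuthenticated: () => true };
  return next();
};

// Wrap a field resolver so directives[0] runs first, all sharing one context object.
function applyDirectives(resolver, directives) {
  return directives.reduceRight(
    (inner, directive) => (source, args, context, info) =>
      directive(() => inner(source, args, context, info), source, args, context, info),
    resolver
  );
}

// Resolve a protected field with an invalid token and report the outcome.
function run(directives) {
  const field = applyDirectives(() => 'secret', directives);
  try {
    return field({}, {}, buildContext('bad-token'), {});
  } catch (err) {
    return `denied: ${err.message}`;
  }
}
```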