eggjs/egg-security
Security plugin for egg, force performance too.
MIT License
238
stars
43
forks
issues
feat: add hostnameExceptionList for ssrf
#100
killagu
closed
4 months ago
4
chore: optimize README in English
#99
hongzzz
closed
4 months ago
2
feat: add rotateWhenInvalid option for CSRF token
#98
hongzzz
closed
4 months ago
3
When the csrf middleware hits an invalid csrf token, could an option be added to choose whether to rotate and refresh the token?
#97
hongzzz
closed
4 months ago
1
feat: support SSRF check on useHttpClientNext = true
#96
fengmk2
closed
4 months ago
4
fix: use @eggjs/ip instead of ip
#95
fengmk2
closed
5 months ago
2
Could the reference to the IP package be removed in a new version?
#94
Harvey1976
closed
5 months ago
6
feat: use ip@v2
#93
fengmk2
closed
5 months ago
3
My project's OpenSCA vulnerability scan reports that the "ip" dependency under egg-security has a vulnerability and needs to be upgraded: "Remediation Upgrade `ip` to version 1.1.9, 2.0.1 or higher."
#92
LinhoonYu
closed
5 months ago
2
Additional unsafe addresses
#91
TangTang25
closed
8 months ago
5
Why is no csrftoken generated in the cookie? csrf is using the default configuration
#90
ccbyland
opened
9 months ago
0
test: fix test case fail on Node.js 20
#89
fengmk2
closed
10 months ago
1
feat: CSRF cookies allow the use of signatures
#88
sullay
closed
10 months ago
2
A question: why is signing not done here?
#87
sullay
closed
10 months ago
1
feat: add a custom whitelist parameter to the `isSafeDomain()` function in context
#86
yisibl
closed
1 year ago
2
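The security headers that egg-security sets through middleware have no effect on egg-static. It looks like the egg-static middleware runs first and responds with the body directly, so the egg-security middleware never gets a chance to run. Is there a way to adjust this order?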
#85
WormGirl
opened
1 year ago
10
Question about X-Frame-Options
#84
suyizhang
closed
1 year ago
0
ipBlackList and ipExceptionList should support ipv6
#83
fengmk2
opened
1 year ago
0
feat: upgrade deps to latest versions
#82
fengmk2
closed
1 year ago
2
chore: auto release
#81
fengmk2
closed
1 year ago
2
feat: csrf cookie support cookieOptions
#80
damujiangr
closed
2 years ago
8
🐛 FIX: Add warning message on `false` value config
#79
fengmk2
closed
2 years ago
2
🐛 FIX: Should detect all rules before ignore on CSRF
#78
fengmk2
closed
2 years ago
1
deps: use nanoid@3
#77
fengmk2
closed
2 years ago
1
fix: should match script end tags like </script >
#76
fengmk2
closed
2 years ago
1
🤖 TEST: Run ci on GitHub Action
#75
fengmk2
closed
2 years ago
0
feat: Configurable csrf supported methods on request url level
#74
Anemone95
closed
2 years ago
8
[Snyk] Security upgrade nanoid from 2.1.11 to 3.1.31
#73
snyk-bot
closed
2 years ago
1
feat: Check whether the value is legal Before setting the header
#72
GuanyuChen
opened
2 years ago
1
feat: use hostname checking csrf referer whitelist instead of host
#71
hq5544
closed
9 months ago
0
add ssrf.ipExceptionList
#70
ShadyZOZ
closed
3 years ago
2
feat: csrf support check origin header with referer type
#69
anthinkingcoder
opened
4 years ago
1
docs: fix typos
#68
viko16
closed
4 years ago
1
feat: csrf support any, fix isSafeDomain bug
#67
dead-horse
closed
4 years ago
2
feat: config.cookieName support array
#66
dead-horse
closed
4 years ago
0
fixed: test case: on newer node.js, content-length cannot be an empty string
#65
pusongyang
closed
4 years ago
3
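When csrf has useSession enabled, also write the token to the Cookie, so the client can keep its original logic: read ctoken from the cookie and write it to the HTTP header, while the server validates the value in the session.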
#64
pusongyang
closed
4 years ago
3
docs: typos & optimization
#63
whxaxes
closed
4 years ago
1
fix: use new URL instead of url.parse
#62
dead-horse
closed
5 years ago
1
chore: check origin/referrer header for identifying source origin
#61
anthinkingcoder
closed
4 years ago
3
feat: add escapeShellArg and escapeShellCmd
#60
p0sec
closed
5 years ago
2
fix: csrf false check
#58
whxaxes
closed
5 years ago
3
backport: csrf support referer
#57
whxaxes
closed
5 years ago
2
feat: csrf support referer type
#56
whxaxes
closed
5 years ago
7
chore: show contributors on README
#55
fengmk2
closed
5 years ago
3
deps: update packs and ignore lock file
#54
ghost
closed
5 years ago
3
test: use expectLog to assert log
#53
fengmk2
closed
5 years ago
4
fix: make sure domain is string before use it
#52
fengmk2
closed
5 years ago
2
fix require module name
#51
Ashing
closed
5 years ago
10
fix: fix referrer-policy enum check
#50
guoshencheng
closed
5 years ago
6