refactor: rewrite csrf - Githubissues

eggjs / egg-security

Security plugin for egg, force performance too.

MIT License

238 stars 43 forks source link

refactor: rewrite csrf #10

Closed dead-horse closed 7 years ago

dead-horse commented 7 years ago

重构 csrf。closes https://github.com/eggjs/egg/issues/260

支持 cookie / session 存放 csrf secret。
支持 body / header 发送 csrf token。
支持对 json 类型的请求不做 csrf 校验。

session 存为 CSRF Tokens 模式。
cookie 存为 Double Submit Cookies 模式。

codecov-io commented 7 years ago

Current coverage is 96.34% (diff: 100%)

Merging #10 into master will increase coverage by 1.93%

@@             master        #10   diff @@
==========================================
  Files            26         25     -1   
  Lines           393        410    +17   
  Methods           0          0          
  Messages          0          0          
  Branches          0          0          
==========================================
+ Hits            371        395    +24   
+ Misses           22         15     -7   
  Partials          0          0

Powered by Codecov. Last update 86706a3...0bb49f2

dead-horse commented 7 years ago

@fengmk2 @jtyjty99999 再看一下

dead-horse commented 7 years ago

没有其他问题的话合并的时候 squash 一下

dead-horse commented 7 years ago

先发一个版本，jsonp 要依赖。

现在还没有人用，还是发 1.x 吧