eggjs egg-security issues

eggjs / egg-security

Security plugin for egg, force performance too.

MIT License

238 stars 43 forks source link

issues

Newest

Newest Most commented Recently updated Oldest Least commented Least recently updated

fix: shtml check domainWhiteList hostname get null

#49 EliYao closed 6 years ago
7
chore: improve npm scripts

#48 ghost closed 6 years ago
2
refactor (shtml,cliFilter,sjs,README): Modifications of files

#47 ghost closed 6 years ago
5
fix: preprocess config in app.js

#46 dead-horse closed 6 years ago
1
doc (README.zh-CN.md, README.md): Fix typos and add missing trans

#45 ghost closed 6 years ago
4
Fix: Make `domain` and `whiteList`, `protocalWhiteList` in the same lower case

#44 ghost closed 6 years ago
5
fix: user secure random generator

#43 ai closed 6 years ago
3
utils (isSafeDomain): Use `matcher` to check for a wild character of a domain

#42 ghost closed 6 years ago
2
doc: Translate from Chinese into English for several files for their comments

#41 ghost closed 6 years ago
2
feat: should allow `options` http method

#40 ghost closed 6 years ago
6
fix: disable nosniff on redirect status

#39 fengmk2 closed 6 years ago
2
fix: disable nosniff on redirect status

#38 fengmk2 closed 6 years ago
7
[feature] methodnoallow 支持配置禁止的 http method & 优化代码

#37 Houfeng closed 6 years ago
1
fix: format illegal url

#36 dead-horse closed 6 years ago
3
docs: update warning infomation for ignoreJSON

#35 popomore closed 6 years ago
2
docs: fix SSRF link

#34 popomore closed 6 years ago
2
feat: support safeCurl for SSRF protection

#33 dead-horse closed 6 years ago
1
feat: support safeCurl for SSRF protection

#32 dead-horse closed 6 years ago
5
fix: deprecate ignoreJSON

#31 dead-horse closed 6 years ago
2
fix: deprecate ignoreJSON

#30 dead-horse closed 6 years ago
1
fix: absolute path detect should ignore evil path

#29 fengmk2 closed 6 years ago
4
fix: absolute path detect should ignore evil path

#28 fengmk2 closed 6 years ago
6
feat: add refererpolicy support

#27 jtyjty99999 closed 6 years ago
7
domainWhiteList supports wildcard character(*)

#26 codefine closed 6 years ago
8
refactor: use async function and support egg@2

#25 dead-horse closed 7 years ago
5
fix: options method should be safe

#24 sabakugaara closed 7 years ago
4
fix(csrf): ignore json request even body not exist

#23 dead-horse closed 7 years ago
1
feat: make session plugin optional

#22 dead-horse closed 7 years ago
2
dominWhiteList supports '*' and [ '*' ]

#21 brickyang closed 7 years ago
2
fix: should not assert csrf when path match ignore

#20 dead-horse closed 7 years ago
2
feat: add global path blocking to avoid directory traversal attack

#19 jtyjty99999 closed 7 years ago
22
docs: fix License url

#18 popomore closed 7 years ago
3
feat: config.security.csrf.cookieDomain can be function

#17 fengmk2 closed 7 years ago
5
feat: cookie csrf token add appname

#16 dead-horse closed 7 years ago
3
feat: use egg-path-matching to support fn

#15 dead-horse closed 7 years ago
5
feat:support muiltiple query/body key to valid csrf token

#14 jtyjty99999 closed 7 years ago
4
feat: add ctx.rotateCsrfToken

#13 dead-horse closed 7 years ago
5
refactor: add csrf faq url to error msg in local env

#12 shaoshuai0102 closed 7 years ago
7
feat: surl support protocol whitelist

#11 jtyjty99999 closed 7 years ago
13
refactor: rewrite csrf

#10 dead-horse closed 7 years ago
4
Ajax judgement

#9 jtyjty99999 closed 7 years ago
8
test: fix test

#8 shaoshuai0102 closed 7 years ago
4
feat:support hash link in shtml

#7 jtyjty99999 closed 7 years ago
4
fix: make sure every middleware has name

#6 fengmk2 closed 8 years ago
3
feat:disable hsts for default

#5 jtyjty99999 closed 8 years ago
6
refactor: remove ctoken, csrf check all post/put/.. requests

#4 dead-horse closed 8 years ago
11
fix: lower case header will get better performance

#3 fengmk2 closed 8 years ago
4
refactor: use setRawHeader

#2 dead-horse closed 8 years ago
6
fix: disable hsts on local env

#1 fengmk2 closed 8 years ago
3