hapijs / crumb

CSRF crumb generation and validation for hapi

Only unset crumb cookie if cors.origin set to '*' #25

Closed stongo closed 9 years ago

stongo commented 10 years ago

Token leakage acceptable if cors.origin set to specified hosts

stongo commented 9 years ago

An allowOrigins plugin option has been added instead. Also see https://github.com/hapijs/crumb/issues/30

lock[bot] commented 4 years ago

This thread has been automatically locked due to inactivity. Please open a new issue for related bugs or questions following the new issue template instructions.