krakenjs/lusca issues and pull requests

#154 - CSRF token is mismatch even in correct things.

Issue - State: closed - Opened by Fyphen1223 about 1 year ago - 1 comment

#153 - Fix typo in Readme

Pull Request - State: open - Opened by plegner over 1 year ago

#152 - Bump minimatch, grunt and grunt-mocha-test

Pull Request - State: open - Opened by dependabot[bot] about 2 years ago
Labels: dependencies

#151 - Fixed broken OWASP links

Pull Request - State: open - Opened by ohpyupi over 2 years ago - 1 comment

#150 - set csrf token on response for bypassed POST urls

Pull Request - State: open - Opened by aravindsrivats about 3 years ago

#149 - fix :bug: allowlist.type exact

Pull Request - State: closed - Opened by chernjie over 3 years ago

#148 - Bump path-parse from 1.0.6 to 1.0.7

Pull Request - State: open - Opened by dependabot[bot] over 3 years ago
Labels: dependencies

#147 - Disable x-xss-protection by default

Pull Request - State: open - Opened by jiheon-dev over 3 years ago

#146 - Bump cli from 0.4.5 to 1.0.1

Pull Request - State: open - Opened by dependabot[bot] almost 4 years ago
Labels: dependencies

#145 - Updating csrf config to allow passing type of match

Pull Request - State: closed - Opened by maxmil7 almost 4 years ago - 1 comment

#144 - Extra value types for xframe

Pull Request - State: closed - Opened by linkRace about 4 years ago - 3 comments

#143 - Rename csrf blacklist/whitelist configs

Issue - State: closed - Opened by JevinAnderson about 4 years ago - 1 comment

#142 - Setting CSRF token on the blacklisted routes.

Issue - State: open - Opened by ohpyupi over 4 years ago

#141 - lusca.xframe value - "ALLOW-FROM uri" is obselete

Issue - State: open - Opened by kruthivijay31 over 4 years ago

#140 - Change whitelist/blacklist to allowlist/blocklist

Pull Request - State: closed - Opened by linkRace over 4 years ago - 4 comments

#139 - Cookie “XSRF-TOKEN” will be soon rejected

Issue - State: open - Opened by miclill over 4 years ago - 1 comment

#138 - Change CSRF-Token name

Issue - State: open - Opened by molerat619 almost 5 years ago

#137 - CSP policy is wrong when whitespace is missing before 'self'

Issue - State: open - Opened by danielcl about 5 years ago

#136 - Nonce is not being generated

Issue - State: open - Opened by danielcl about 5 years ago - 2 comments

#135 - CSRF token missing at app.use(lusca.csrf())

Issue - State: closed - Opened by darklight147 about 5 years ago

#134 - How skip api css js avoid redundant？

Issue - State: open - Opened by lichspace over 5 years ago

#133 - lusca requires req.session

Issue - State: open - Opened by matharuajay over 5 years ago

#132 - Fix #128: CSRF whitelist or blacklist multiple endpoints.

Pull Request - State: closed - Opened by gladchinda over 5 years ago

#131 - DNS Rebinding protection

Issue - State: open - Opened by brannondorsey about 6 years ago

#130 - refactor csrf blacklist/whitelist code

Pull Request - State: closed - Opened by polunzh over 6 years ago

#129 - Fix #128: CSRF whitelist or blacklist multiple endpoints.

Pull Request - State: closed - Opened by gladchinda over 6 years ago - 4 comments

#128 - CSRF blacklist and whitelist not working as expected for multiple endpoints.

Issue - State: closed - Opened by gladchinda over 6 years ago - 1 comment

#127 - Is helmet needed with lusca?

Issue - State: closed - Opened by khaledosman over 6 years ago - 2 comments

#126 - How to send post with CSRF token without manually adding a form or whitelisting/blacklisting

Issue - State: closed - Opened by djaffer over 6 years ago - 2 comments

#125 - req.locals.nonce -> res.locals.nonce

Pull Request - State: closed - Opened by theel0ja over 6 years ago - 1 comment

#124 - X-XSS-Protection report uri

Issue - State: open - Opened by theel0ja over 6 years ago - 1 comment

#123 - Support CSRF black/white listing on URL params

Issue - State: open - Opened by mjy78 over 6 years ago - 2 comments

#122 - fix blacklist or whitelist judge error

Pull Request - State: closed - Opened by Priccc over 6 years ago - 1 comment

#121 - fix csrf balcklist/whitelist shouldBypass check

Pull Request - State: closed - Opened by relifeted almost 7 years ago - 2 comments

#120 - fix csrf balcklist/whitelist shouldBypass check

Pull Request - State: closed - Opened by relifeted almost 7 years ago - 1 comment

#119 - Exempting XSRF-TOKEN for some requests

Issue - State: closed - Opened by beshad almost 7 years ago - 2 comments

#118 - Allows CSRF whitelist and blacklist

Pull Request - State: closed - Opened by linkRace almost 7 years ago - 1 comment

#117 - csrf http2 token validation fails while http1 passes

Issue - State: closed - Opened by avoidwork about 7 years ago - 2 comments

#116 - CSRF error status code

Issue - State: open - Opened by zisiszikos about 7 years ago - 3 comments

#115 - DDOS - does lusca contains protection from ddos attacks

Issue - State: open - Opened by maxprog over 7 years ago - 2 comments
Labels: question

#114 - Add style/script directive if nonce is true

Pull Request - State: closed - Opened by kumarrishav over 7 years ago - 3 comments

#113 - Update README.md to replace a P3P 404 link

Pull Request - State: closed - Opened by m0uneer over 7 years ago - 1 comment

#112 - Nonce typo and match store

Pull Request - State: closed - Opened by linkRace over 7 years ago - 1 comment

#111 - Updates so style-src is replaced properly on subsequent calls

Pull Request - State: closed - Opened by danbehar over 7 years ago - 1 comment

#110 - Add support for CSP nonces

Pull Request - State: closed - Opened by linkRace over 7 years ago

#109 - CSRF: Move from 10 Bytes to 9 or 12.

Issue - State: open - Opened by jagracey over 7 years ago

#108 - updates supported node versions, updates license, removes maintainer

Pull Request - State: closed - Opened by gabrielcsapo over 7 years ago

#107 - update tests and dependencies

Issue - State: closed - Opened by gabrielcsapo over 7 years ago

#106 - Are resave and saveUninitialized options for sessions required?

Issue - State: open - Opened by sbking over 7 years ago

#105 - CSRF:how to provide a specific list of urls for check-CSRF to ignore

Issue - State: closed - Opened by finmily over 7 years ago - 1 comment

#104 - Allow CSRF cookie options to be set

Pull Request - State: closed - Opened by stgogm over 7 years ago - 8 comments

#103 - Allow CSRF cookie options to be set

Pull Request - State: closed - Opened by stgogm over 7 years ago - 1 comment

#102 - Put in return to suppress promise warning

Pull Request - State: closed - Opened by nstuyvesant almost 8 years ago - 2 comments

#101 - Warning that a promise was created in a handler but not returned from it

Issue - State: open - Opened by nstuyvesant almost 8 years ago

#100 - Add header option to csrf config

Pull Request - State: closed - Opened by stgogm almost 8 years ago - 1 comment

#99 - Support for Referrer-Policy header

Pull Request - State: closed - Opened by effrenus almost 8 years ago - 1 comment

#98 - |

Issue - State: closed - Opened by SensationSama about 8 years ago

#97 - Error: CSRF token mismatch

Issue - State: closed - Opened by erbridge about 8 years ago - 3 comments

#96 - Added license badge to README.md

Pull Request - State: closed - Opened by cmelone about 8 years ago

#95 - How to get XSRF token before first post request

Issue - State: open - Opened by ghost about 8 years ago - 5 comments

#94 - Update eBay license to PayPal license

Pull Request - State: closed - Opened by vertex over 8 years ago - 1 comment

#93 - Lusca + Angular2 Problems

Issue - State: closed - Opened by vgogov over 8 years ago - 3 comments

#92 - how to allow bypass security from one route

Issue - State: closed - Opened by luisfusim over 8 years ago - 2 comments

#91 - Use lower case header can improve 3x performance

Pull Request - State: closed - Opened by fengmk2 over 8 years ago - 6 comments

#90 - socket.io Content-Security-Policy Host

Issue - State: open - Opened by theage over 8 years ago - 3 comments

#89 - Lusca and nginx best practices

Issue - State: open - Opened by titoesteves over 8 years ago - 3 comments

#88 - Basic Security with Node, Express and Lusca

Issue - State: open - Opened by ghost over 8 years ago - 1 comment

#87 - travis to build on latest node

Pull Request - State: closed - Opened by suryagh over 8 years ago - 4 comments

#86 - use double hmac comparision for tokens

Pull Request - State: closed - Opened by suryagh over 8 years ago - 6 comments

#85 - Shouldn't be a space in nosniff

Pull Request - State: closed - Opened by linkRace over 8 years ago - 1 comment

#84 - Remove dependency and add grunt-cli

Pull Request - State: closed - Opened by geek over 8 years ago - 7 comments

#83 - No sniff test

Pull Request - State: closed - Opened by linkRace over 8 years ago - 2 comments

#82 - Update README.md

Pull Request - State: closed - Opened by linkRace over 8 years ago - 1 comment

#81 - Update README with nosniff

Pull Request - State: closed - Opened by linkRace over 8 years ago

#80 - Version Bump

Pull Request - State: closed - Opened by linkRace over 8 years ago - 1 comment

#79 - Change csp api to handle more directives

Pull Request - State: closed - Opened by jasisk almost 9 years ago - 3 comments

#78 - Secure csrf

Issue - State: open - Opened by mrazvan21 almost 9 years ago - 6 comments

#77 - Adding nosniff Header

Pull Request - State: closed - Opened by linkRace almost 9 years ago - 10 comments

#76 - Handle request cookie in order to get csrf token.

Pull Request - State: closed - Opened by Jule- almost 9 years ago - 8 comments

#75 - Update README.md

Pull Request - State: closed - Opened by ghost almost 9 years ago - 2 comments

#74 - how to submit a (enctype="multipart/form-data") form with csrf

Issue - State: open - Opened by Kaven-W almost 9 years ago

#73 - use postman in chrome found error : CSRF token missing

Issue - State: open - Opened by simdm about 9 years ago - 12 comments

#72 - Add support for arrays in CSP

Pull Request - State: closed - Opened by giladgo about 9 years ago - 5 comments

#71 - Feature/improve csp support

Pull Request - State: closed - Opened by turboMaCk about 9 years ago - 9 comments

#70 - CSRF token missing for enctype="multipart/form-data"

Issue - State: closed - Opened by erbridge about 9 years ago - 4 comments

#69 - support for CSP's block-all-mixed-content

Issue - State: closed - Opened by turboMaCk over 9 years ago - 1 comment
Labels: enhancement

#68 - Invalidate CSRF token

Issue - State: open - Opened by kumarmugu over 9 years ago - 7 comments

#67 - feat(CSP): Added optional custom impl function that creates a report-uri

Pull Request - State: open - Opened by mstuart over 9 years ago - 4 comments

#66 - fix to get lusca work with client-session library

Pull Request - State: closed - Opened by muthu-cs over 9 years ago - 3 comments

#65 - lusca with client-sesson fails

Issue - State: closed - Opened by muthu-cs over 9 years ago - 3 comments

#64 - REST API sessionless

Issue - State: closed - Opened by fondberg over 9 years ago - 2 comments

#63 - CSRF Hooks

Issue - State: open - Opened by uptownhr over 9 years ago - 1 comment

#62 - CSRF: Disable error log?

Issue - State: open - Opened by uptownhr over 9 years ago - 1 comment

#61 - CSRF Query

Issue - State: open - Opened by gabeio over 9 years ago - 18 comments

#59 - Add bypass csrf validation for post first applications

Pull Request - State: closed - Opened by shaunwarman over 9 years ago - 12 comments

GitHub / krakenjs/lusca issues and pull requests