Ecosyste.ms: Issues

GitHub / krakenjs/lusca issues and pull requests

#154 - CSRF token is mismatch even in correct things.

Issue - State: closed - Opened by Fyphen1223 8 months ago - 1 comment

#153 - Fix typo in Readme

Pull Request - State: open - Opened by plegner about 1 year ago

#152 - Bump minimatch, grunt and grunt-mocha-test

Pull Request - State: open - Opened by dependabot[bot] over 1 year ago
Labels: dependencies

#151 - Fixed broken OWASP links

Pull Request - State: open - Opened by ohpyupi about 2 years ago - 1 comment

#150 - set csrf token on response for bypassed POST urls

Pull Request - State: open - Opened by aravindsrivats over 2 years ago

#149 - fix :bug: allowlist.type exact

Pull Request - State: closed - Opened by chernjie almost 3 years ago

#148 - Bump path-parse from 1.0.6 to 1.0.7

Pull Request - State: open - Opened by dependabot[bot] almost 3 years ago
Labels: dependencies

#147 - Disable x-xss-protection by default

Pull Request - State: open - Opened by jiheon-dev almost 3 years ago

#146 - Bump cli from 0.4.5 to 1.0.1

Pull Request - State: open - Opened by dependabot[bot] over 3 years ago
Labels: dependencies

#145 - Updating csrf config to allow passing type of match

Pull Request - State: closed - Opened by maxmil7 over 3 years ago - 1 comment

#144 - Extra value types for xframe

Pull Request - State: closed - Opened by linkRace over 3 years ago - 3 comments

#143 - Rename csrf blacklist/whitelist configs

Issue - State: closed - Opened by JevinAnderson over 3 years ago - 1 comment

#142 - Setting CSRF token on the blacklisted routes.

Issue - State: open - Opened by ohpyupi over 3 years ago

#141 - lusca.xframe value - "ALLOW-FROM uri" is obsolete

Issue - State: open - Opened by kruthivijay31 almost 4 years ago

#140 - Change whitelist/blacklist to allowlist/blocklist

Pull Request - State: closed - Opened by linkRace about 4 years ago - 4 comments

#139 - Cookie “XSRF-TOKEN” will be soon rejected

Issue - State: open - Opened by miclill about 4 years ago - 1 comment

#138 - Change CSRF-Token name

Issue - State: open - Opened by molerat619 about 4 years ago

#136 - Nonce is not being generated

Issue - State: open - Opened by danielcl over 4 years ago - 2 comments

#135 - CSRF token missing at app.use(lusca.csrf())

Issue - State: closed - Opened by darklight147 over 4 years ago

#134 - How skip api css js avoid redundant?

Issue - State: open - Opened by lichspace over 4 years ago

#133 - lusca requires req.session

Issue - State: open - Opened by matharuajay almost 5 years ago

#132 - Fix #128: CSRF whitelist or blacklist multiple endpoints.

Pull Request - State: closed - Opened by gladchinda almost 5 years ago

#131 - DNS Rebinding protection

Issue - State: open - Opened by brannondorsey over 5 years ago

#130 - refactor csrf blacklist/whitelist code

Pull Request - State: closed - Opened by polunzh almost 6 years ago

#129 - Fix #128: CSRF whitelist or blacklist multiple endpoints.

Pull Request - State: closed - Opened by gladchinda almost 6 years ago - 4 comments

#128 - CSRF blacklist and whitelist not working as expected for multiple endpoints.

Issue - State: closed - Opened by gladchinda almost 6 years ago - 1 comment

#127 - Is helmet needed with lusca?

Issue - State: closed - Opened by khaledosman almost 6 years ago - 2 comments

#125 - req.locals.nonce -> res.locals.nonce

Pull Request - State: closed - Opened by theel0ja about 6 years ago - 1 comment

#124 - X-XSS-Protection report uri

Issue - State: open - Opened by theel0ja about 6 years ago - 1 comment

#123 - Support CSRF black/white listing on URL params

Issue - State: open - Opened by mjy78 about 6 years ago - 2 comments

#122 - fix blacklist or whitelist judge error

Pull Request - State: closed - Opened by Priccc about 6 years ago - 1 comment

#121 - fix csrf blacklist/whitelist shouldBypass check

Pull Request - State: closed - Opened by relifeted about 6 years ago - 2 comments

#120 - fix csrf blacklist/whitelist shouldBypass check

Pull Request - State: closed - Opened by relifeted about 6 years ago - 1 comment

#119 - Exempting XSRF-TOKEN for some requests

Issue - State: closed - Opened by beshad over 6 years ago - 2 comments

#118 - Allows CSRF whitelist and blacklist

Pull Request - State: closed - Opened by linkRace over 6 years ago - 1 comment

#117 - csrf http2 token validation fails while http1 passes

Issue - State: closed - Opened by avoidwork over 6 years ago - 2 comments

#116 - CSRF error status code

Issue - State: open - Opened by zisiszikos over 6 years ago - 3 comments

#115 - DDOS - does lusca contains protection from ddos attacks

Issue - State: open - Opened by maxprog over 6 years ago - 2 comments
Labels: question

#114 - Add style/script directive if nonce is true

Pull Request - State: closed - Opened by kumarrishav over 6 years ago - 3 comments

#113 - Update README.md to replace a P3P 404 link

Pull Request - State: closed - Opened by m0uneer almost 7 years ago - 1 comment

#112 - Nonce typo and match store

Pull Request - State: closed - Opened by linkRace almost 7 years ago - 1 comment

#111 - Updates so style-src is replaced properly on subsequent calls

Pull Request - State: closed - Opened by danbehar almost 7 years ago - 1 comment

#110 - Add support for CSP nonces

Pull Request - State: closed - Opened by linkRace almost 7 years ago

#109 - CSRF: Move from 10 Bytes to 9 or 12.

Issue - State: open - Opened by jagracey almost 7 years ago

#108 - updates supported node versions, updates license, removes maintainer

Pull Request - State: closed - Opened by gabrielcsapo almost 7 years ago

#107 - update tests and dependencies

Issue - State: closed - Opened by gabrielcsapo almost 7 years ago

#106 - Are resave and saveUninitialized options for sessions required?

Issue - State: open - Opened by sbking almost 7 years ago

#105 - CSRF:how to provide a specific list of urls for check-CSRF to ignore

Issue - State: closed - Opened by finmily about 7 years ago - 1 comment

#104 - Allow CSRF cookie options to be set

Pull Request - State: closed - Opened by stgogm about 7 years ago - 8 comments

#103 - Allow CSRF cookie options to be set

Pull Request - State: closed - Opened by stgogm about 7 years ago - 1 comment

#102 - Put in return to suppress promise warning

Pull Request - State: closed - Opened by nstuyvesant over 7 years ago - 2 comments

#100 - Add header option to csrf config

Pull Request - State: closed - Opened by stgogm over 7 years ago - 1 comment

#99 - Support for Referrer-Policy header

Pull Request - State: closed - Opened by effrenus over 7 years ago - 1 comment

#98 - |

Issue - State: closed - Opened by SensationSama over 7 years ago

#97 - Error: CSRF token mismatch

Issue - State: closed - Opened by erbridge over 7 years ago - 3 comments

#96 - Added license badge to README.md

Pull Request - State: closed - Opened by cmelone over 7 years ago

#95 - How to get XSRF token before first post request

Issue - State: open - Opened by ghost over 7 years ago - 5 comments

#94 - Update eBay license to PayPal license

Pull Request - State: closed - Opened by vertex over 7 years ago - 1 comment

#93 - Lusca + Angular2 Problems

Issue - State: closed - Opened by vgogov over 7 years ago - 3 comments

#92 - how to allow bypass security from one route

Issue - State: closed - Opened by luisfusim almost 8 years ago - 2 comments

#91 - Use lower case header can improve 3x performance

Pull Request - State: closed - Opened by fengmk2 almost 8 years ago - 6 comments

#90 - socket.io Content-Security-Policy Host

Issue - State: open - Opened by theage almost 8 years ago - 3 comments

#89 - Lusca and nginx best practices

Issue - State: open - Opened by titoesteves almost 8 years ago - 3 comments

#88 - Basic Security with Node, Express and Lusca

Issue - State: open - Opened by ghost about 8 years ago - 1 comment

#87 - travis to build on latest node

Pull Request - State: closed - Opened by suryagh about 8 years ago - 4 comments

#86 - use double hmac comparison for tokens

Pull Request - State: closed - Opened by suryagh about 8 years ago - 6 comments

#85 - Shouldn't be a space in nosniff

Pull Request - State: closed - Opened by linkRace about 8 years ago - 1 comment

#84 - Remove dependency and add grunt-cli

Pull Request - State: closed - Opened by geek about 8 years ago - 7 comments

#83 - No sniff test

Pull Request - State: closed - Opened by linkRace about 8 years ago - 2 comments

#82 - Update README.md

Pull Request - State: closed - Opened by linkRace about 8 years ago - 1 comment

#81 - Update README with nosniff

Pull Request - State: closed - Opened by linkRace about 8 years ago

#80 - Version Bump

Pull Request - State: closed - Opened by linkRace about 8 years ago - 1 comment

#79 - Change csp api to handle more directives

Pull Request - State: closed - Opened by jasisk about 8 years ago - 3 comments

#78 - Secure csrf

Issue - State: open - Opened by mrazvan21 over 8 years ago - 6 comments

#77 - Adding nosniff Header

Pull Request - State: closed - Opened by linkRace over 8 years ago - 10 comments

#76 - Handle request cookie in order to get csrf token.

Pull Request - State: closed - Opened by Jule- over 8 years ago - 8 comments

#75 - Update README.md

Pull Request - State: closed - Opened by ghost over 8 years ago - 2 comments

#73 - use postman in chrome found error : CSRF token missing

Issue - State: open - Opened by simdm over 8 years ago - 12 comments

#72 - Add support for arrays in CSP

Pull Request - State: closed - Opened by giladgo over 8 years ago - 5 comments

#71 - Feature/improve csp support

Pull Request - State: closed - Opened by turboMaCk over 8 years ago - 9 comments

#70 - CSRF token missing for enctype="multipart/form-data"

Issue - State: closed - Opened by erbridge over 8 years ago - 4 comments

#69 - support for CSP's block-all-mixed-content

Issue - State: closed - Opened by turboMaCk over 8 years ago - 1 comment
Labels: enhancement

#68 - Invalidate CSRF token

Issue - State: open - Opened by kumarmugu over 8 years ago - 7 comments

#67 - feat(CSP): Added optional custom impl function that creates a report-uri

Pull Request - State: open - Opened by mstuart over 8 years ago - 4 comments

#66 - fix to get lusca work with client-session library

Pull Request - State: closed - Opened by muthu-cs almost 9 years ago - 3 comments

#65 - lusca with client-session fails

Issue - State: closed - Opened by muthu-cs almost 9 years ago - 3 comments

#64 - REST API sessionless

Issue - State: closed - Opened by fondberg almost 9 years ago - 2 comments

#63 - CSRF Hooks

Issue - State: open - Opened by uptownhr almost 9 years ago - 1 comment

#62 - CSRF: Disable error log?

Issue - State: open - Opened by uptownhr almost 9 years ago - 1 comment

#61 - CSRF Query

Issue - State: open - Opened by gabeio almost 9 years ago - 18 comments

#59 - Add bypass csrf validation for post first applications

Pull Request - State: closed - Opened by shaunwarman almost 9 years ago - 12 comments

#58 - Error: CSRF token missing

Issue - State: open - Opened by makromat about 9 years ago - 11 comments

#54 - Error: CSRF token missing

Issue - State: closed - Opened by anjali-chadha about 9 years ago - 9 comments

#50 - add grunt-cli as devDep

Pull Request - State: closed - Opened by jasisk about 9 years ago

#47 - Remove "engineStrict" in preparation for npm 3+

Issue - State: open - Opened by totherik over 9 years ago - 17 comments

#35 - p3p value unclear

Issue - State: open - Opened by knownasilya almost 10 years ago - 1 comment