Ecosyste.ms: OpenCollective
An open API service for software projects hosted on Open Collective.
github.com/eggjs/egg-security
Security plugin for egg, force performance too.
https://github.com/eggjs/egg-security
feat: add hostnameExceptionList for ssrf
killagu opened this pull request 6 months ago
fix: use @eggjs/ip instead of ip
fengmk2 opened this pull request 6 months ago
Can the dependency on the `ip` package be removed in a new release?
Harvey1976 opened this issue 6 months ago
feat: use ip@v2
fengmk2 opened this pull request 7 months ago
Running the OpenSCA vulnerability scanner on my project flags the "ip" dependency under egg-security as vulnerable and requires a version bump: "Remediation Upgrade `ip` to version 1.1.9, 2.0.1 or higher."
LinhoonYu opened this issue 7 months ago
Additions to the unsafe address list
TangTang25 opened this issue 10 months ago
Why is no csrfToken generated in the cookie? CSRF is using the default config
ccbyland opened this issue 11 months ago
test: fix test case fail on Node.js 20
fengmk2 opened this pull request 12 months ago
feat: CSRF cookies allow the use of signatures
sullay opened this pull request 12 months ago
A question: why is no signature applied here?
sullay opened this issue 12 months ago
feat: add a custom whitelist parameter to the `isSafeDomain()` function on context
yisibl opened this pull request over 1 year ago
The security headers that egg-security sets via middleware have no effect on egg-static; it looks like the egg-static middleware runs first and responds with the body directly, so the egg-security middleware never gets a chance to run. Is there a way to adjust this order?
WormGirl opened this issue over 1 year ago
Question about X-Frame-Options
suyizhang opened this issue over 1 year ago
ipBlackList and ipExceptionList should support ipv6
fengmk2 opened this issue over 1 year ago
feat: upgrade deps to latest versions
fengmk2 opened this pull request over 1 year ago
chore: auto release
fengmk2 opened this pull request about 2 years ago
feat: csrf cookie support cookieOptions
damujiangr opened this pull request over 2 years ago
🐛 FIX: Add warning message on `false` value config
fengmk2 opened this pull request over 2 years ago
🐛 FIX: Should detect all rules before ignore on CSRF
fengmk2 opened this pull request over 2 years ago
deps: use nanoid@3
fengmk2 opened this pull request over 2 years ago
fix: should match script end tags like </script >
fengmk2 opened this pull request over 2 years ago
🤖 TEST: Run ci on GitHub Action
fengmk2 opened this pull request over 2 years ago
feat: Configurable csrf supported methods on request url level
Anemone95 opened this pull request over 2 years ago
[Snyk] Security upgrade nanoid from 2.1.11 to 3.1.31
snyk-bot opened this pull request almost 3 years ago
feat: Check whether the value is legal Before setting the header
GuanyuChen opened this pull request about 3 years ago
feat: use hostname checking csrf referer whitelist instead of host
hq5544 opened this pull request about 3 years ago
add ssrf.ipExceptionList
ShadyZOZ opened this pull request over 3 years ago
feat: csrf support check origin header with referer type
anthinkingcoder opened this pull request over 4 years ago
docs: fix typos
viko16 opened this pull request over 4 years ago
feat: csrf support any, fix isSafeDomain bug
dead-horse opened this pull request over 4 years ago
feat: config.cookieName support array
dead-horse opened this pull request over 4 years ago
fixed: test case, content-length cannot be an empty string on newer Node.js
pusongyang opened this pull request almost 5 years ago
When csrf has useSession enabled, also write the token to the cookie, so the client can keep its existing logic: read ctoken from the cookie and put it in the HTTP header, while the server validates the value stored in the session.
pusongyang opened this pull request almost 5 years ago
docs: typos & optimization
whxaxes opened this pull request almost 5 years ago
fix: use new URL instead of url.parse
dead-horse opened this pull request about 5 years ago
chore: check origin/referrer header for identifying source origin
anthinkingcoder opened this pull request about 5 years ago
feat: add escapeShellArg and escapeShellCmd
p0sec opened this pull request about 5 years ago
style: fix document
brizer opened this pull request about 5 years ago
fix: csrf false check
whxaxes opened this pull request over 5 years ago
backport: csrf support referer
whxaxes opened this pull request over 5 years ago
feat: csrf support referer type
whxaxes opened this pull request over 5 years ago
chore: show contributors on README
fengmk2 opened this pull request almost 6 years ago
deps: update packs and ignore lock file
ghost opened this pull request almost 6 years ago
test: use expectLog to assert log
fengmk2 opened this pull request almost 6 years ago
fix: make sure domain is string before use it
fengmk2 opened this pull request almost 6 years ago
fix require module name
Ashing opened this pull request almost 6 years ago
fix: fix referrer-policy enum check
guoshencheng opened this pull request almost 6 years ago
fix: shtml check domainWhiteList hostname get null
EliYao opened this pull request about 6 years ago
chore: improve npm scripts
ghost opened this pull request over 6 years ago
refactor (shtml,cliFilter,sjs,README): Modifications of files
ghost opened this pull request over 6 years ago
fix: preprocess config in app.js
dead-horse opened this pull request over 6 years ago
doc (README.zh-CN.md, README.md): Fix typos and add missing trans
ghost opened this pull request over 6 years ago
Fix: Make `domain` and `whiteList`, `protocolWhiteList` in the same lower case
ghost opened this pull request over 6 years ago
fix: use secure random generator
ai opened this pull request over 6 years ago
utils (isSafeDomain): Use `matcher` to check for a wild character of a domain
ghost opened this pull request over 6 years ago
doc: Translate from Chinese into English for several files for their comments
ghost opened this pull request over 6 years ago
feat: should allow `options` http method
ghost opened this pull request over 6 years ago
fix: disable nosniff on redirect status
fengmk2 opened this pull request over 6 years ago
fix: disable nosniff on redirect status
fengmk2 opened this pull request over 6 years ago
[feature] methodnoallow supports configuring forbidden HTTP methods & code cleanup
Houfeng opened this pull request over 6 years ago
fix: format illegal url
dead-horse opened this pull request over 6 years ago
docs: update warning information for ignoreJSON
popomore opened this pull request over 6 years ago
docs: fix SSRF link
popomore opened this pull request over 6 years ago
feat: support safeCurl for SSRF protection
dead-horse opened this pull request over 6 years ago
feat: support safeCurl for SSRF protection
dead-horse opened this pull request over 6 years ago
fix: deprecate ignoreJSON
dead-horse opened this pull request over 6 years ago
fix: deprecate ignoreJSON
dead-horse opened this pull request over 6 years ago
fix: absolute path detect should ignore evil path
fengmk2 opened this pull request almost 7 years ago
fix: absolute path detect should ignore evil path
fengmk2 opened this pull request almost 7 years ago
feat: add refererpolicy support
jtyjty99999 opened this pull request almost 7 years ago
domainWhiteList supports wildcard character(*)
codefine opened this pull request almost 7 years ago
refactor: use async function and support egg@2
dead-horse opened this pull request about 7 years ago
fix: options method should be safe
sabakugaara opened this pull request over 7 years ago
fix(csrf): ignore json request even body not exist
dead-horse opened this pull request over 7 years ago
feat: make session plugin optional
dead-horse opened this pull request over 7 years ago
domainWhiteList supports '*' and [ '*' ]
brickyang opened this pull request over 7 years ago
fix: should not assert csrf when path match ignore
dead-horse opened this pull request over 7 years ago
feat: add global path blocking to avoid directory traversal attack
jtyjty99999 opened this pull request over 7 years ago
docs: fix License url
popomore opened this pull request over 7 years ago
feat: config.security.csrf.cookieDomain can be function
fengmk2 opened this pull request over 7 years ago
feat: cookie csrf token add appname
dead-horse opened this pull request over 7 years ago
feat: use egg-path-matching to support fn
dead-horse opened this pull request over 7 years ago
feat: support multiple query/body keys to validate csrf token
jtyjty99999 opened this pull request almost 8 years ago
feat: add ctx.rotateCsrfToken
dead-horse opened this pull request almost 8 years ago
refactor: add csrf faq url to error msg in local env
shaoshuai0102 opened this pull request almost 8 years ago
feat: surl support protocol whitelist
jtyjty99999 opened this pull request almost 8 years ago
refactor: rewrite csrf
dead-horse opened this pull request almost 8 years ago
Ajax judgement
jtyjty99999 opened this pull request almost 8 years ago
test: fix test
shaoshuai0102 opened this pull request almost 8 years ago
feat:support hash link in shtml
jtyjty99999 opened this pull request almost 8 years ago
fix: make sure every middleware has name
fengmk2 opened this pull request over 8 years ago
feat:disable hsts for default
jtyjty99999 opened this pull request over 8 years ago
refactor: remove ctoken, csrf check all post/put/.. requests
dead-horse opened this pull request over 8 years ago
fix: lower case header will get better performance
fengmk2 opened this pull request over 8 years ago
refactor: use setRawHeader
dead-horse opened this pull request over 8 years ago
fix: disable hsts on local env
fengmk2 opened this pull request over 8 years ago