eggjs/egg-security

Issues

• csrf 中间件 invalid csrf token 时，能否加一个option 来选择是否 rotate 来刷新 token？

  #97 opened 5 months ago by hongzzz
  1

• 能不能从新的版本中将对IP这个包的引用去除掉？

  #94 opened 5 months ago by Harvey1976
  6

• 我现在项目使用漏洞检查OpenSCA扫描出来egg-security下面的“ip”依赖包有漏洞需要需升高版本“Remediation Upgrade `ip` to version 1.1.9, 2.0.1 or higher.”

  #92 opened 6 months ago by LinhoonYu
  2

• 不安全地址补充

  #91 opened 8 months ago by TangTang25
  5

• 为啥cookie中没有生成csrftoken，csrf用的默认配置

  #90 opened 9 months ago by ccbyland
  0

• egg-security中通过中间件设置一些安全头对egg-static不起作用，看起来是egg-static的中间件先执行直接响应了body, 导致 egg-security的中间件没机会执行，这个顺序有办法调整么？

  #85 opened a year ago by WormGirl
  10

• 有个疑问，这里为什么不进行签名呢？

  #87 opened a year ago by sullay
  1

• X-Frame-Options咨询

  #84 opened a year ago by suyizhang
  0

• ipBlackList and ipExceptionList should support ipv6

  #83 opened 2 years ago by fengmk2
  0