Comments (8)
we're all waiting for this jshttp/proxy-addr#2 :)
from cookies.
Yes :) Sorry, just getting out some body parser improvements (like not corrupting non-utf-8 bodies) and a new connect/express cycle real quick :) the (basically new) proxy-addr module was on my list right after creating depd in order to deprecate its old name ;0
Has there been any progress on this? This looks like a show-stopping issue for probably the most common large-deployment configuration.
As of 0.5.0, this module works fine behind a load balancer if you use it with Express; otherwise if you are not using Express, you can set req.protocol = 'https' after you verify that the request was HTTPS to your load balancer.
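The check described in the comment above, sketched as an added example that is not part of the original thread or of the cookies project: set req.protocol only when the TCP peer is a known load balancer and that peer reported HTTPS. The helper names and the addresses are hypothetical; it assumes a single trusted load balancer hop that overwrites or appends X-Forwarded-Proto.

```javascript
// Added example: helper names are hypothetical, addresses are constructed.
// Assumption: exactly one trusted load balancer hop sits in front of the app
// and it overwrites or appends X-Forwarded-Proto on every request.
const TRUSTED_PROXIES = new Set(['10.0.0.5', '10.0.0.6']);

// Node reports IPv4 peers on dual-stack sockets as "::ffff:a.b.c.d".
function normalizeAddress(addr) {
  if (typeof addr !== 'string') return '';
  return addr.startsWith('::ffff:') ? addr.slice(7) : addr;
}

// Returns 'https' or 'http' for an http.IncomingMessage-like object.
function resolveProtocol(req, trusted = TRUSTED_PROXIES) {
  const socket = req.socket || {};
  // TLS terminated in this process: nothing to infer from headers.
  if (socket.encrypted) return 'https';

  // Believe the header only when the direct peer is our load balancer;
  // any other client can send X-Forwarded-Proto itself.
  if (!trusted.has(normalizeAddress(socket.remoteAddress))) return 'http';

  const header = (req.headers || {})['x-forwarded-proto'];
  if (typeof header !== 'string') return 'http';

  // If the balancer appends instead of overwriting, earlier entries are
  // client-controlled; the last entry is what the trusted peer observed.
  const entries = header.split(',');
  const last = entries[entries.length - 1].trim().toLowerCase();
  return last === 'https' ? 'https' : 'http';
}

// Call this at the top of a plain http request handler, before creating the
// cookie jar, so that a later `secure: true` cookie passes the protocol check.
function applyProtocol(req, trusted = TRUSTED_PROXIES) {
  req.protocol = resolveProtocol(req, trusted);
  return req;
}
```

If the load balancer passes a client-supplied X-Forwarded-Proto through untouched, this check is only as strong as that header, so the balancer must be configured to set it itself.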
0.5.0 also works fine with koa behind a load balancer. If you are using Express or koa, the key is you need to configure them to be aware of the load balancer.
Thanks, but this isn't actually working with Koa due to this: koajs/koa#320
As this issue details, the req.protocol === "https" is never going to work since the req object is from the http library and does not have a protocol property. It is not a Koa request object.
Please add an option to disable this check. Not using secure cookies is a serious issue and is causing pen-testing failures for a typical reverse proxy configuration.
The problem here is that the check for "security" does not really make sense because there's just not enough information in the application itself to know if the request will be delivered to the user encrypted or not. I think it's bad logic and should be removed.
Is there any chance this will be fixed soon?