egg-security icon indicating copy to clipboard operation
egg-security copied to clipboard
verified publisher icon eggjs

feat: csrf support check origin header with referer type

Open anthinkingcoder opened this issue 5 years ago • 1 comments

Checklist
  • [x] npm test passes
  • [x] tests and/or benchmarks are included
  • [ ] documentation is changed or added
  • [x] commit message follows commit guidelines
Affected core subsystem(s)
Description of change

csrf防范应该也可以通过检查Origin头来验证来源。具体可看 Identifying Source Origin (via Origin/Referer header)

anthinkingcoder avatar Jul 10 '20 09:07 anthinkingcoder

Codecov Report

Merging #69 into master will not change coverage. The diff coverage is 100.00%.

Impacted file tree graph

@@           Coverage Diff           @@
##           master      #69   +/-   ##
=======================================
  Coverage   95.89%   95.89%           
=======================================
  Files          32       32           
  Lines         560      560           
=======================================
  Hits          537      537           
  Misses         23       23
Impacted Files Coverage Δ
app/extend/context.js 97.22% <100.00%> (ø)

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 79c38e0...51d0223. Read the comment docs.

codecov[bot] avatar Jul 10 '20 09:07 codecov[bot]