Yarik
6096dadcca
Merge pull request #294 from mozilla/revert-290-sec-fix-payload-verification
...
Revert "Security fix"
2024-04-02 16:31:49 +02:00
Yarik
0388a5d1bf
Revert "Security fix"
2024-04-02 16:26:00 +02:00
Yarik
01f3d35479
Merge pull request #292 from mozilla/chore/codeql-v2
...
Migrate CodeQL to V2
2023-07-10 13:04:53 +02:00
Yaraslau Kurmyza
bbf6563385
Migrate CodeQL to V2
...
V1 was deprecated: https://github.blog/changelog/2023-01-18-code-scanning-codeql-action-v1-is-now-deprecated/
2023-07-10 10:25:39 +02:00
Yarik
b175ee27e4
Merge pull request #290 from chrisdlangton/sec-fix-payload-verification
...
Security fix
2023-07-10 10:24:10 +02:00
Yarik
8a344af0b4
Apply suggestions from code review
2023-07-07 13:37:35 +02:00
Yarik
fe746ef1e5
Merge pull request #291 from thusoy/mac-before-expiry
...
Validate bewit MAC before expiry
2023-06-15 19:30:34 +02:00
Tarjei Husøy
85f525a3f3
Validate MAC before expiry
...
Checking expiry before validating the MAC means that we are passing
untrusted values into parseInt, which might have unintended
consequences (also consider other languages that copy the algorithm
here since this is the reference implementation). This is only done
in the wrong order for bewit validation, regular header auth already
checks the MAC first.
Had to update the other expiry test since it apparently didn't have a
valid MAC.
2023-06-14 15:04:15 +02:00
chris
adeb7e7e2a
feat(crypto)!: Deprecate calculateMac replaced by calculateServerMac or generateRequestMac
2023-06-10 23:08:05 +10:00
Yaraslau Kurmyza
f1426e4712
Fix host parsing
2022-05-03 18:14:53 +02:00
Matt Boris
d10d72ca82
Merge pull request #286 from lotas/regex-exploit-fix
...
Parse URLs using stdlib
2022-05-03 11:11:35 -04:00
Yaraslau Kurmyza
ade134119b
Parse URLs using stdlib
2022-05-02 18:55:21 +02:00
Dustin J. Mitchell
aa5e09e8e2
9.0.0
2020-12-11 17:30:38 +00:00
Dustin J. Mitchell
c61eeddb2a
Merge pull request #279 from mozilla/remove-browser
...
Remove remnants of the browser-specific version
2020-12-11 12:28:52 -05:00
Dustin J. Mitchell
0b684f4368
Remove remnants of the browser-specific version
...
Users of this library in a browser are expected to build it with
webpack, and that has been the case since 7.1.0 (mozilla/hawk#253).
2020-12-08 22:13:03 +00:00
Dustin J. Mitchell
09d27b099e
Merge pull request #277 from mozilla/issue276
...
Do not require @hapi/sntp anymore
2020-11-02 11:43:29 -05:00
Dustin J. Mitchell
51c08e2a57
Do not require @hapi/sntp anymore
...
This removes a Node-specific dependency from the package, allowing its
use in a browser context (via webpack or the like).
This is a breaking change for users of SNTP, but the change is
straightforward. For those using this functionality, note that
@hapi/sntp is no longer maintained.
2020-10-28 18:44:02 +00:00
Dustin J. Mitchell
cf105e0a56
fix require() in API.js
2020-10-23 16:30:45 +00:00
Dustin J. Mitchell
58ba9c867d
Merge pull request #275 from mozilla/issue272
...
remove Hapi plugin
2020-10-23 09:58:34 -04:00
Dustin J. Mitchell
86d68ecbe0
remove Hapi plugin
2020-10-22 22:28:21 +00:00
Dustin J. Mitchell
764c97ee89
8.0.1
2020-10-22 22:18:32 +00:00
Dustin J. Mitchell
2621007b1a
some history
2020-10-22 22:17:32 +00:00
Dustin J. Mitchell
866e8cb77f
Merge pull request #274 from mozilla/issue273
...
switch from Travis-CI to Taskcluster (and drop multiple HAPI checks)
2020-10-22 18:08:34 -04:00
Dustin J. Mitchell
4772624a7d
switch from Travis-CI to Taskcluster (and drop multiple HAPI version checks)
2020-10-22 22:07:48 +00:00
Dustin J. Mitchell
668dd86a8f
add repo files (fixes #271)
2020-10-22 21:40:06 +00:00
Dustin J. Mitchell
71668bcddc
link to API in README
2020-10-22 20:56:13 +00:00
Dustin J. Mitchell
ae552b5698
Create codeql-analysis.yml
2020-10-22 16:41:03 -04:00
Eran Hammer
791b5814e7
Update package.json
2020-10-22 12:47:05 -07:00
Eran Hammer
d1f3f59b71
Update README.md
2020-10-22 12:26:58 -07:00
Eran Hammer
1e4d7f0b97
8.0.0
2020-01-09 21:30:07 -08:00
Eran Hammer
dd54922ce4
Update deps. Closes #267. Closes #268
2020-01-09 21:30:00 -08:00
Eran Hammer
bbd672b0a5
Merge pull request #266 from nwhitmont/master
...
Add link to changelog in README
2020-01-05 12:18:58 -08:00
nwhitmont
ae9d31c561
add link to changelog
2020-01-03 16:24:22 -08:00
nwhitmont
8a4110edd3
delete changelog
2020-01-03 16:23:56 -08:00
Eran Hammer
ea45382153
Merge pull request #263 from jarrodyellets/master
...
Update README to new template
2019-10-08 18:49:30 -07:00
Jarrod Yellets
0605ba1667
Update README to new template
2019-10-07 09:42:48 +02:00
Nicolas Morel
f9012b9585
Merge pull request #262 from jarrodyellets/master
...
Move Readme to API
2019-09-26 14:23:07 +02:00
jarrodyellets
fbf2463270
Move Readme to API
2019-09-26 13:59:16 +02:00
Eran Hammer
2de3ad8a0d
Update README.md
2019-09-17 12:13:09 -07:00
Eran Hammer
fe970646a4
Closes #152
2019-09-17 01:41:04 -07:00
Eran Hammer
95b4263604
7.1.2
2019-09-14 23:04:06 -07:00
Eran Hammer
c52428a961
For #258
2019-09-14 23:04:02 -07:00
Eran Hammer
61458a5049
Merge pull request #258 from salarelv/master
...
Checks correctly routes auth strategy
2019-09-14 23:03:02 -07:00
Eran Hammer
f455587c08
7.1.1
2019-08-15 06:54:19 +00:00
Eran Hammer
52a8dd8b44
Update deps. Closes #261
2019-08-15 06:54:16 +00:00
salarelv
0d93c8cf61
Update lib/plugin.js
...
Co-Authored-By: devin ivy <devin@bigroomstudios.com>
2019-07-04 08:41:31 +03:00
salarelv
8f9d56b203
Checks correctly routes auth strategy
...
When setting the default auth strategy hawk didn't respect that and crashed with: TypeError: Cannot read property 'payload' of undefined
2019-07-04 00:22:00 +03:00
Eran Hammer
39797fc54e
Update .travis.yml
2019-04-24 23:21:07 -07:00
Eran Hammer
3e8ae0096e
Update README.md
2019-04-24 20:09:29 -07:00
Eran Hammer
eca9781360
Update README.md
2019-04-24 20:07:12 -07:00