public/owltide
1
0
Fork 0
Code Issues 2 Pull requests Projects Releases Packages 1 Wiki Activity Actions
owltide/server
History
Hornwitser c9976af26b Include the name of the cookie in the signature 
If a cookie is signed for one purpose, but the server also uses a
differently named signed cookie name for another purpose, then it's
possible for a malicious client to substitute the value of one signed
cookie with the value of another and have it pass the signature check.

Include the name of the cookie when computing the signature so that no
cookies signed for example for "user_session" can be used as a value for
a hypothetical "admin_session" cookie.
2025-05-20 00:36:10 +02:00
..
api Read vapid details from runtime config 2025-05-20 00:22:28 +02:00
utils Include the name of the cookie in the signature 2025-05-20 00:36:10 +02:00
database.ts Add create account functionality 2025-03-07 23:53:57 +01:00
generate-demo-schedule.ts Assign crew randomly in demo schedule 2025-03-15 20:26:43 +01:00
streams.ts Filter crew events to only be visible for crew 2025-03-10 16:26:52 +01:00
tsconfig.json Convert indents to tabs 2025-03-01 17:06:41 +01:00
web-push.ts Read vapid subject from the environment 2025-05-20 00:25:28 +02:00