Comments (4)
I need cookies to protect static assets (js, css, svg, images...) that you don't load using js and so can't alter the headers sent on the request. Also, there is now the SameSite attribute to protect against CSRF.
I've started working on it, I'll open a PR once I'm done.
from mod_authnz_jwt.
It could be viable, although token-based authentication does not usually use cookies. As the browser does not replay the "Authorization" header by itself when you have multiple tabs on the same domain, you are safe against CSRF attacks. By using a cookie, you will be exposed.
from mod_authnz_jwt.
Ok perfect. Thanks for contributing.
from mod_authnz_jwt.
@ghetolay how has this been going? I briefly looked through your changes and things seem pretty well in place.
It has been a while since my C days, but I would love to help out if you need it.
from mod_authnz_jwt.