You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
I have a query and it's related to encryption of the cookies. As of now in case of signed cookies, I can see express module is using the cookie value as it is without tampering it and only appending HMAC encoding technique to sign the cookie using cookie-signature module.
We can also implement cookie encryption for localhost development (http) as a new feature/option having a secret supplied by the user which will provide a more secured way of cookie creation and transmission from server to client and vice versa.
Is this feature/option already in draft or if anyone has been already assigned? In case if not, could you assign this work to me so that I will work towards it and contribute to this module.
Let me know if this new feature/option works for you?
The text was updated successfully, but these errors were encountered:
sarraf1996
changed the title
Add encryption as a new feature to the signed cookies
Add encryption as a new feature/option to the signed cookies
Sep 28, 2024
sarraf1996
changed the title
Add encryption as a new feature/option to the signed cookies
Add encryption as a new feature/option to the cookies provided with secret
Sep 28, 2024
We would for sure accept and review a PR for this. Although I am not sure I understand why local development would need this feature.
secret supplied by the user which will provide a more secured way of cookie creation and transmission from server to client and vice versa.
The point here in local development is that the request never leaves your machine, so I don't think I understand the need for this in that case. You can already steal or modify your own cookies.
I have a query and it's related to encryption of the cookies. As of now in case of signed cookies, I can see
express
module is using the cookie value as it is without tampering it and only appending HMAC encoding technique to sign the cookie usingcookie-signature
module.We can also implement cookie encryption for localhost development (http) as a new feature/option having a secret supplied by the user which will provide a more secured way of cookie creation and transmission from server to client and vice versa.
Is this feature/option already in draft or if anyone has been already assigned? In case if not, could you assign this work to me so that I will work towards it and contribute to this module.
Let me know if this new feature/option works for you?
The text was updated successfully, but these errors were encountered: