sourcefuse / loopback4-helmet
A loopback4 extension for helmetjs integration
License: MIT License
Describe the bug
A clear and concise description of what the bug is.
To Reproduce
Steps to reproduce the behavior:
Configure application, put this.component(Loopback4HelmetComponent);
Setup bind
this.bind(HelmetSecurityBindings.CONFIG).to({
  referrerPolicy: {
    policy: 'same-origin',
  },
  contentSecurityPolicy: {
    directives: {
      frameSrc: ["'self'"],
    },
  },
});
In a sequence constructor
@inject(HelmetSecurityBindings.HELMET_SECURITY_ACTION)
protected helmetAction: HelmetAction,
Handle
await this.helmetAction(request, response);
When I try to request any endpoint I receive error:
GET /api/v1/animal/1/10?sort=order&direction=asc failed with status code 500. TypeError: Cannot read property 'constructor' of null
Expected behavior
The expectation is to intercept all requests and use this for security, mainly avoiding XSS attacks
@loopback/cli version: 3.0.0
Describe the bug
Changes for semantic-release
When dependencies are updated with the chore type, a new version is not released.
To Reproduce
Try updating the dependencies using chore(deps).
Expected behavior
When dependencies are updated with the chore type, a new version must be released.
Describe the bug
Cross origin Error in Application, but api-explorer works fine
To Reproduce
Steps to reproduce the behavior:
In application.ts file:
this.bind(HelmetSecurityBindings.CONFIG).to({
  referrerPolicy: {
    policy: 'same-origin',
  },
  contentSecurityPolicy: {
    directives: {
      frameSrc: ["'self'"],
    },
  },
});
Also throw has been blocked by CORS policy: Response header
Describe the bug
Loopback version update
Is your feature request related to a problem? Please describe.
Node v14 is reaching its end of life this month. Loopback removes support for node v14 in all of its packages we depend on.
Sourceloop packages/services also currently have v12 and v14 as the supported versions.
Describe the solution you'd like
Remove the support for node v14 and v12. And add the support for the latest LTS version v18.
Describe alternatives you've considered
__
Additional context
__
master branch failed. 🚨 I recommend you give this issue a high priority, so other packages depending on you can benefit from your bug fixes and new features again.
You can find below the list of errors reported by semantic-release. Each one of them has to be resolved in order to automatically publish your package. I’m sure you can fix this 💪.
Errors are usually caused by a misconfiguration or an authentication problem. With each error reported below you will find explanation and guidance to help you to resolve it.
Once all the errors are resolved, semantic-release will release your package the next time you push a commit to the master branch. You can also manually restart the failed CI job that runs semantic-release.
If you are not sure how to resolve this, here are some links that can help you:
If those don’t help, or if this issue is reporting something you think isn’t right, you can always ask the humans behind semantic-release.
The npm token configured in the NPM_TOKEN environment variable must be a valid token allowing to publish to the registry https://registry.npmjs.org/.
If you are using Two Factor Authentication for your account, set its level to "Authorization only" in your account settings. semantic-release cannot publish with the default "Authorization and writes" level.
Please make sure to set the NPM_TOKEN environment variable in your CI with the exact value of the npm token.
Good luck with your project ✨
Your semantic-release bot 📦🚀
Describe the bug
loopback version update
To have a consistent header in all sourceloop packages.
Reference readme: https://www.npmjs.com/package/@sourceloop/cache
Is your feature request related to a problem? Please describe.
Describe the solution you'd like
Changes in the node property of package.json
This will be a breaking change.
Is your feature request related to a problem? Please describe.
Adding semantic release for automatic release of packages.
Describe the solution you'd like
Using npm semantic-release
Describe alternatives you've considered
Additional context
Describe the bug
Loopback version updates.
Describe the bug
Right now Issue description is not visible in the changelog
To Reproduce
Steps to reproduce the behavior:
Describe the bug
Update lb4 dependencies in the package
For further information refer to the link below:
sourcefuse/loopback4-soft-delete#197
Is your feature request related to a problem? Please describe.
After the sourceloop release processes regression on jenkins the release of packages needs to be done locally.
Describe the solution you'd like
Set up a manually dispatch-able github action to publish releases.
Describe alternatives you've considered
The possible alternate is to publish packages locally but that requires keeping the credentials environment already setup.
Additional context
__
Is your feature request related to a problem? Please describe.
A clear and concise description of what the problem is. Ex. I'm always frustrated when [...]
Your documentation is outdated. It still assumes people use the Action based sequence, but that's deprecated. The LB4 CLI generates Middleware sequences now, but you don't have instructions for that.
Describe the solution you'd like
A clear and concise description of what you want to happen.
Please provide up-to-date instruction on how to use this with Loopback 4. How to use this component in a Middleware sequence?
The LB4 documentation on this is insufficient and confusing.
Describe alternatives you've considered
A clear and concise description of any alternative solutions or features you've considered.
Additional context
Add any other context or screenshots about the feature request here.
Describe the bug
While putting the following code in sequence.ts file
export class MySequence implements SequenceHandler {
  @inject(SequenceActions.INVOKE_MIDDLEWARE, {optional: true})
  protected invokeMiddlewareN: InvokeMiddleware = () => false;

  constructor(
    @inject(SequenceActions.FIND_ROUTE) protected findRoute: FindRoute,
    @inject(SequenceActions.PARSE_PARAMS) protected parseParams: ParseParams,
    @inject(SequenceActions.INVOKE_METHOD) protected invoke: InvokeMethod,
    @inject(SequenceActions.SEND) public send: Send,
    @inject(SequenceActions.REJECT) public reject: Reject,
    @inject(HelmetSecurityBindings.HELMET_SECURITY_ACTION)
    protected helmetAction: HelmetAction,
  ) { }

  async handle(context: RequestContext) {
    const requestTime = Date.now();
    try {
      const {request, response} = context;
      const route = this.findRoute(request);
      const args = await this.parseParams(request, route);
      // Helmet Action here
      //await this.helmetAction(request, response);
      const result = await this.invoke(route, args);
      this.send(response, result);
    } catch (err) {
      console.log();
    } finally {
      console.log();
    }
  }
}
I am getting an error
"Resolution Error: The key 'sf.security.helmet.actions' is not bound to any value in context RequestContext-gY0uhFUWRMyqzs2bXcksWw-3"
I want to use helmet for Strict Transport Security Policy and Cross Origin Resource Sharing Configuration, but I am stuck here only.
Please help me, I am new to loop back. Thank you in advance.
Describe the bug
loopback version update
Describe the bug
Add Sonar and Snyk Badges
Describe the bug
Test case coverage missing and not up to the mark
To Reproduce
We should have at least 75% unit test case coverage for this package.
Hi Team,
I am getting this error in application.ts while initializing the Loopback4HelmetComponent.
versions:
"@loopback/boot": "^3.4.2",
"@loopback/context": "^5.0.7",
"@loopback/core": "^2.16.2",
"@loopback/repository": "^3.7.1",
"@loopback/rest": "^10.0.0",
"@loopback/rest-explorer": "^3.3.2",
"@loopback/service-proxy": "^3.2.2",
"loopback4-helmet": "^4.2.0",
please help me on this issue.
Describe the bug
Remove all current vulnerabilities of loopback4-helmet
To Reproduce
Steps to reproduce the behavior:
Expected behavior
A clear and concise description of what you expected to happen.
Screenshots
If applicable, add screenshots to help explain your problem.
Additional context
Add any other context about the problem here.
I am getting error in the following line
// Helmet Action here
await this.helmetAction(request, response);
Argument of type 'import("//node_modules/@types/express/index").Request<import("/home/surabhi/Documents/ /node_modules/@types/express-serve-static-core/index").ParamsDictionary, any, any, qs.ParsedQs, Record<string, any>>' is not assignable to parameter of type 'import /node_modules/@loopback/express/node_modules/@types/express/index").Request<import("//node_modules/@loopback/express/node_modules/@types/express-serve-static-core/index").ParamsDictionary, any, any, qs.ParsedQs, Record<...>>'.
The types of 'app.get' are incompatible between these types.
Type '((name: string) => any) & IRouterMatcher<Application, any>' is not assignable to type '((name: string) => any) & IRouterMatcher<Application<Record<string, any>>, any>'.
Type '((name: string) => any) & IRouterMatcher<Application, any>' is not assignable to type 'IRouterMatcher<Application<Record<string, any>>, any>'.
Types of parameters 'name' and 'path' are incompatible.
Type 'PathParams' is not assignable to type 'string'.
Type 'RegExp' is not assignable to type 'string'.ts(2345)
I appreciate your help.
Describe the bug
Loopback version updates
Describe the bug
Currently, issues and PRs are never closed even if inactive.
They should be closed automatically.
To Reproduce
Steps to reproduce the behavior:
Expected behavior
Inactive issues/PRs should be closed automatically.
Describe the bug
This issue is supposed to be used for all deps update and chore PRs.
Is your feature request related to a problem? Please describe.
Right now the changelog created for releases is not detailed and informative.
Request to generate detailed changelog.
Describe the solution you'd like
Can use different npm packages available