Releases: SamuraiWTF/musashi-js

v2.0.1 - Fixing CORS 2.0 bugs

27 Aug 15:49
e5b26d3

CORS Demonstrator

Bugfixes

  • The corsClientHost value was only passed when revealing the solution. It is now always included, so that it's available in the scenario and goal sections of the template.

2.0 CORS Rewrite

27 Aug 13:58
f0a5b4a
Compare
Choose a tag to compare

Features

CORS Demonstrator

  • Now uses the .env to get hostnames for both the client and API portions.
  • Client now points at the API host specified in the .env by default. Override has been moved to the new Settings page.
  • Renaming of policy buttons on Home page to set clearer expectations.
  • Regex/Pattern policy on Home is no longer intentionally flawed. It uses a dynamic pattern based on the client hostname specified in the .env and allows subdomains of that host.
  • Two exercises added to CORS demonstrator with student challenges related to incorrectly implemented origin validation regexes.
  • Minor project-branding/look changes.
  • .env can specify USE_TLS true or false, which affects the URLs used to access the API. This does not enable TLS on the listener, as its current incarnation is intended for use through a reverse proxy.
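
To illustrate the Regex/Pattern policy and the origin-validation exercises listed above, here is an added example (not musashi-js's own code) of a hostname-derived origin pattern that allows subdomains, next to a loosely written one. The hostname, the function names and the choice to tie the accepted scheme to USE_TLS are assumptions made for the example.

```javascript
// Added example. CLIENT_HOST is a constructed value standing in for the
// client hostname from .env; all function names are hypothetical.
const CLIENT_HOST = "client.example.test";

// Escape regex metacharacters so "." in the hostname matches only a literal dot.
function escapeRegex(s) {
  return s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Loose: hostname interpolated unescaped and the pattern is not anchored.
function looseOriginPattern(host) {
  return new RegExp(`https?://(.+\\.)?${host}`);
}

// Strict: one scheme, escaped host, optional DNS-label subdomains,
// optional port, anchored at both ends.
function strictOriginPattern(host, useTls) {
  const scheme = useTls ? "https" : "http";
  const label = "[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?";
  return new RegExp(
    `^${scheme}://(?:${label}\\.)*${escapeRegex(host)}(?::\\d{1,5})?$`, "i");
}

// Value to echo in Access-Control-Allow-Origin, or null to omit the header.
function allowedOrigin(origin, pattern) {
  return typeof origin === "string" && pattern.test(origin) ? origin : null;
}

// Constructed Origin header values for comparison.
const SAMPLES = [
  "https://client.example.test",
  "https://app.client.example.test",
  "https://client.example.test:8443",
  "https://client.example.test.attacker.test", // trusted name used as a prefix
  "https://clientXexample.test",               // unescaped "." acts as wildcard
  "http://client.example.test",                // scheme differs from USE_TLS=true
];

function compare(host, useTls) {
  const loose = looseOriginPattern(host);
  const strict = strictOriginPattern(host, useTls);
  return SAMPLES.map((o) => ({
    origin: o,
    loose: allowedOrigin(o, loose) !== null,
    strict: allowedOrigin(o, strict) !== null,
  }));
}

console.table(compare(CLIENT_HOST, true));
```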

CSP Demonstrator

  • Minor project-branding/look changes.

Original Buildout

24 Aug 21:11

Features

  • CORS Demonstrator with 3 Pre-defined Policies
  • CSP Demonstrator with 1 exercise for bypass