@fastify/jwt - npm Package Compare versions

Comparing version 8.0.0 to 8.0.1

package.json

		{
		"name": "@fastify/jwt",
		"version": "8.0.0",
		"version": "8.0.1",
		"description": "JWT utils for Fastify",
		@@ -37,3 +37,3 @@ "main": "jwt.js",
		"@lukeed/ms": "^2.0.0",
		"fast-jwt": "^3.3.2",
		"fast-jwt": "^4.0.0",
		"fastify-plugin": "^4.0.0",
		@@ -49,3 +49,3 @@ "steed": "^1.1.3"
		"tap": "^16.0.0",
		"tsd": "^0.30.0"
		"tsd": "^0.31.0"
		},
		@@ -52,0 +52,0 @@ "publishConfig": {

README.md

		@@ -265,3 +265,3 @@ # @fastify/jwt

		In some situations you may want to store a token in a cookie. This allows you to drastically reduce the attack surface of XSS on your web app with the [`httpOnly`](https://wiki.owasp.org/index.php/HttpOnly) and `secure` flags. Cookies can be susceptible to CSRF. You can mitigate this by either setting the [`sameSite`](https://www.owasp.org/index.php/SameSite) flag to `strict`, or by using a CSRF library such as [`@fastify/csrf`](https://www.npmjs.com/package/@fastify/csrf).
		In some situations you may want to store a token in a cookie. This allows you to drastically reduce the attack surface of XSS on your web app with the [`httpOnly`](https://owasp.org/www-community/HttpOnly) and `secure` flags. Cookies can be susceptible to CSRF. You can mitigate this by either setting the [`sameSite`](https://owasp.org/www-community/SameSite) flag to `strict`, or by using a CSRF library such as [`@fastify/csrf`](https://www.npmjs.com/package/@fastify/csrf).

		@@ -268,0 +268,0 @@ Note: This plugin will look for a decorated request with the `cookies` property. [`@fastify/cookie`](https://www.npmjs.com/package/@fastify/cookie) supports this feature, and therefore you should use it when using the cookie feature. The plugin will fallback to looking for the token in the authorization header if either of the following happens (even if the cookie option is enabled):

New alerts