Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

@mashroom/mashroom-helmet

Package Overview
Dependencies
Maintainers
1
Versions
85
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@mashroom/mashroom-helmet - npm Package Versions

1
79

1.4.4

Diff

Changelog

Source

1.4.4 (May 4, 2020)

  • Upgraded libraries with known vulnerabilities
  • Default Login Webapp: Renamed the redirect query parameter to redirectUrl
  • Portal: The logout route accepts now a redirectUrl parameter with the page that should be redirected to after revoking the authentication (default is still the Site's index page)
jkofler
published 1.4.3 •

Changelog

Source

1.4.3 (May 2, 2020)

  • Portal: Keep query parameters when redirecting to default site
  • OIDC Security Provider: Added a rejectUnauthorized config property for Identity Providers with self-signed certificates
  • Portal: Fixed mapping of email property in the portalAppSetup
jkofler
published 1.4.2 •

Changelog

Source

1.4.2 (April 25, 2020)

  • Security Provider: Added new method getApiSecurityHeaders(req, targetUri) that allows it to add security headers to backend/API calls. Useful to add extra user context or access tokens to backend requests.
  • Portal: Removed the REST proxy property sendRoles because the concept of permissions should be used in backends as well.
  • Portal: If the REST proxy property sendUserHeaders is true the following headers will be sent additionally with each REST request:
    • X-USER-DISPLAY-NAME
    • X-USER-EMAIL
  • Portal: Fixed mapping Sites to virtual hosts when the frontend base path is /
  • Virtual host path mapper: Added a config property to explicitly set the http headers that should be considered (default is x-forwarded-host) to determine the actual host
jkofler
published 1.4.1 •

Changelog

Source

1.4.1 (April 20, 2020)

  • Added a virtual host path mapper plugin: Allows it to map internal paths based on virtual hosts and web apps to get the actual "frontend path" to generate absolute links at the same time. Can be used to expose Portal Sites to virtual hosts like so:

    https://www.my-company.com/new-portal -> http://internal-portal-host/portal/web

    For this example configure your reverse proxy to forward calls from https://www.my-company.com/public to http://internal-portal-host/ and additionally configure the new plugin like this:

    "Mashroom VHost Path Mapper Middleware": {
      "hosts": {
        "www.my-company.com": {
          "frontendBasePath": "/new-portal",
            "mapping": {
              "/login": "/login",
              "/": "/portal/web"
            }
         }
      }
    }
    
jkofler
published 1.4.0 •

Changelog

Source

1.4.0 (April 6, 2020)

  • Portal: The sites work now completely independent (all URLs are relative to <portal_path>/<site_path>). That means in particular you can have both public sites and private (protected) sites at the same time with an ACL configuration like this:
      {
        "/portal/public-site/**": {
          "*": {
            "allow": "any"
          }
      }
      "/portal/**": {
        "*": {
          "allow": {
            "roles": ["Authenticated"]
          }
        }
      }
    }
    
  • Security: Extended the ACL rules:
    • "any" is now a possible value for allow/deny; this matches also anonymous users which is useful for public sub-pages
    • it is now possible to pass an object to allow/deny with a list of roles and ip addresses
    {
      "/portal/**": {
        "*": {
          "allow": {
            "roles": ["Authenticated"],
            "ips": ["10.1.2.*", "168.**"]
          },
          "deny": {
            "ips": ["1.2.3.4"]
          }
        }
      }
    }
    
  • Security: Added a new method canAuthenticateWithoutUserInteraction() to the Security Provider interface that allows it to check if a user could be logged in silently on public pages, which could be desirable
  • Security: Added a new config property to the mashroom-security plugin that allows to forward specific query parameters to the authorization system (e.g. a hint which identity provider to use):
    "Mashroom Security Services": {
       "provider": "Mashroom Security Simple Provider",
       "forwardQueryHintsToProvider": ["kc_idp_hint"]
    }
    
  • Portal: Fixed anonymous access to pages
  • Added OpenID Connect security provider
  • Angular Demo Portal App: Works now with AOP and the Ivy Compiler
  • External MQTT Messaging Provider: Supports now MQTT 5
  • Removed support for Node 8
  • Added MongoDB storage provider
  • Security: The middleware regenerates the session now before and after a login instead of destroying it. Because session.destroy() removes the request.session property completely but some security provider might need a session during authentication.
jkofler
published 1.3.2 •

Changelog

Source

1.3.2 (February 22, 2020)

  • File Storage: Locking works now also on NFS correctly
  • Removed log statements that could expose passwords
jkofler
published 1.3.1 •

Changelog

Source

1.3.1 (February 8, 2020)

  • Remote App Registry Kubernetes: Show all Kubernetes services matching the pattern and a proper error message if no portal apps could be found. Remove portal apps after some time if the Kubernetes services disappeared.
  • Remote App Registry: Added plugin config property to hide the Add a new Remote Portal App Endpoint form from the Admin UI
  • Remote App Registry: Moved config properties from the Mashroom Portal Remote App Registry Webapp plugin to the Mashroom Portal Remote App Registry plugin where it belongs (BREAKING CHANGE)
jkofler
published 1.3.0 •

Changelog

Source

1.3.0 (January 27, 2020)

  • Portal: Fixed broken IE11 support
  • Portal: Admin Toolbar cleanup and small fixes
  • Added support for messaging via AMQP (Advanced Messaging Queuing) protocol, supported by almost all message brokers (RabbitMQ, Qpid, ActiveMQ, Artemis, Azure Service Bus, ...)
  • Added Remote Portal App registry that automatically scans Kubernetes namespaces for apps
  • Tabify App: The tab buttons have now a new attribute (data-app-ref) that contains the id of the corresponding app wrapper div. This is useful for end-2-end tests to determine if an app is visible.
  • Sandbox App: Fixed loading of portal apps with bootstrap methods that don't return anything
  • Core: Made it possible to use environment variables in server and plugin configuration. If the config value is a valid template string it gets evaluated and the environment variables are accessible through the env object. Example:
    {
        "name": "${env.USER}'s Mashroom Server",
        "port": 5050
    }
    
  • Added TypeScript definitions for all API's. Works now similar than with flow:
      // index.ts
      import {MashroomPortalAppPluginBootstrapFunction} from '@mashroom/mashroom-portal/type-definitions';
      const bootstrap: MashroomPortalAppPluginBootstrapFunction = (hostElement, portalAppSetup, portalClientServices) => {
        // ...
      }
    
jkofler
published 1.2.3 •

Changelog

Source

1.2.3 (January 11, 2020)

  • Core: Added health checks that can for example be used as readiness/liveness probes in Kubernetes (/mashroom/health)
  • Core: Moved Admin UI from /mashroom to /mashroom/admin
  • Svelte based demo Portal App added
  • Sandbox App: Loads now also shared resources properly
  • Portal: When a portal app gets unloaded all its message bus listeners will automatically be unregistered (in case the app does not unregister the listeners properly on onmount)
jkofler
published 1.2.2 •

Changelog

Source

1.2.2 (December 7, 2019)

  • Forward query parameters to the index page
  • Upgraded some dependencies because of security vulnerabilities
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc