@sap/xssec
Advanced tools
Comparing version 3.3.2 to 3.3.3
# Change Log | ||
All notable changes to this project will be documented in this file. | ||
## 3.3.3 - 2023-08-08 | ||
- Send either both x-app_tid & x-client_id headers or none of them to IAS /certs endpoint to prevent bad request | ||
## 3.3.2 - 2023-07-28 | ||
@@ -5,0 +8,0 @@ - restore backward-compatibility feature: use cleanUpPemKey function on verification keys to support PEM with missing line breaks- |
@@ -251,11 +251,9 @@ 'use strict'; | ||
if (app_tid) { | ||
if (app_tid && attributes && attributes.clientId) { | ||
// these two headers must be present both at the same time or not at all to prevent bad requests | ||
options.headers["x-app_tid"] = app_tid; | ||
options.headers["x-client_id"] = attributes.clientId; | ||
} | ||
if (attributes) { | ||
if(attributes.clientId) { | ||
options.headers["x-client_id"] = attributes.clientId; | ||
} | ||
if (attributes) { | ||
if (attributes.correlationId) { | ||
@@ -262,0 +260,0 @@ options.headers[CORRELATIONID_HEADER] = attributes.correlationId; |
{ | ||
"name": "@sap/xssec", | ||
"version": "3.3.2", | ||
"version": "3.3.3", | ||
"description": "XS Advanced Container Security API for node.js", | ||
@@ -5,0 +5,0 @@ "main": "./lib", |
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
149542
7
2319