cordova-plugin-pinnedhttps
A PhoneGap plugin that allows you to make HTTPS requests with certificate fingerprint verification.
```
phonegap plugin add cordova-plugin-pinnedhttps
```
This plugin compiles and has been tested as part of another project (a Cordova app).
NOTE: This plugin doesn't follow HTTP redirections.
```js
/*
The `fingerprints` parameter must be either a string or an array of
strings; each string must be a SHA1 or SHA256 hash. (SHA1 and SHA256 cannot
be mixed.)
When the plugin checks the identity of a host, it first checks the fingerprint
of the last certificate in the chain. If it doesn't match, it goes up the chain
and checks the certificate above it. The process can repeat up to the root
certificate.
This allows you to check either for a specific certificate, or for a
certificate authority that you trust.
Note that some sites use multiple certificates (on the same hostname), and some
others use cross-signed certificates. These cases might trigger "INVALID_CERT"
errors.
*/
// Placeholder value: replace with the fingerprint(s) you want to pin
var fingerprints = ['<fingerprint of the pinned certificate>'];
var https = new navigator.httpsBuilder(fingerprints);

https.get('https://yoursite.tld/yourpath', function(err, res){
  if (err){
    //Handle errors here. err is a string
    if (err == 'INVALID_CERT'){
      //Certificate found on server doesn't match the provided fingerprint
    } else {
      //Other kinds of connection errors. Error messages are listed below
    }
  } else {
    res.statusCode //Number
    res.headers //Object
    res.body //String
  }
});

var reqOptions = {
  method: 'post',
  host: 'yoursite.tld',
  path: '/yourpath',
  port: 443, //Optional
  headers: {header1: 'value1', header2: 'value2'}, //Optional
  body: {} //Optional
};
https.request(reqOptions, function(err, res){
  if (err){
    //Handle errors here. err is a string
    if (err == 'INVALID_CERT'){
      //Certificate found on server doesn't match the provided fingerprint
    } else {
      //Other kinds of connection errors. Error messages are listed below
    }
  } else {
    res.statusCode //Number
    res.headers //Object
    res.body //String
  }
});
```
NOTE: With `https.request`, if `returnBuffer` is defined in the `reqOptions`, then `res.body` will be returned as a `Uint8Array`.
Error message | Meaning |
---|---|
INVALID_PARAMS | Invalid parameters |
INVALID_URL | Invalid URL |
INVALID_METHOD | Invalid HTTP method |
INVALID_HEADERS | Invalid options.headers parameter |
INVALID_BODY | Invalid options.body parameter |
INVALID_CERT | Invalid certificate found on server |
CANT_CONNECT | Can't connect to the server |
TIMEOUT | Connection timeout |
INTERNAL_ERROR | Internal error |
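
The chain walk described in the usage comment above, modelled in plain Node.js as an added example (this is not the plugin's own code). It assumes a fingerprint is the hex digest of the DER-encoded certificate; `normalizeFingerprints`, `checkChain` and the sample chain are hypothetical names and constructed data.

```javascript
const crypto = require('crypto');

// Assumption: fingerprints are hex digests, optionally ':'-separated, any letter case.
function normalizeFingerprints(fingerprints) {
  const list = typeof fingerprints === 'string' ? [fingerprints] : fingerprints;
  if (!Array.isArray(list) || list.length === 0) throw new Error('INVALID_PARAMS');
  const clean = list.map(function (f) {
    if (typeof f !== 'string') throw new Error('INVALID_PARAMS');
    return f.replace(/:/g, '').toLowerCase();
  });
  // 40 hex characters = SHA1, 64 = SHA256; the two cannot be mixed.
  const algo = clean[0].length === 40 ? 'sha1' : clean[0].length === 64 ? 'sha256' : null;
  const hexLen = algo === 'sha1' ? 40 : 64;
  const ok = algo && clean.every(function (f) {
    return f.length === hexLen && /^[0-9a-f]+$/.test(f);
  });
  if (!ok) throw new Error('INVALID_PARAMS');
  return { algo: algo, pins: new Set(clean) };
}

// `chain` holds DER certificates as Buffers, ordered from the certificate the
// check starts with up to the root. Returns the index of the first pinned
// certificate, or throws 'INVALID_CERT' when nothing in the chain matches.
function checkChain(chain, fingerprints) {
  const cfg = normalizeFingerprints(fingerprints);
  for (let i = 0; i < chain.length; i++) {
    const digest = crypto.createHash(cfg.algo).update(chain[i]).digest('hex');
    if (cfg.pins.has(digest)) return i;
  }
  throw new Error('INVALID_CERT');
}

// Constructed stand-ins for DER bytes (not real certificates).
const sampleChain = ['server-cert', 'intermediate-ca', 'root-ca'].map(function (s) {
  return Buffer.from(s);
});
function hexDigest(algo, buf) {
  return crypto.createHash(algo).update(buf).digest('hex');
}

// Pinning the intermediate CA: the match is found one step up the chain.
console.log(checkChain(sampleChain, hexDigest('sha256', sampleChain[1]))); // 1
```

Pinning a CA fingerprint accepts every certificate issued under that CA, while pinning the first certificate accepts only that one and must be updated whenever it is renewed.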
`tests` folder: `cordova plugin add https://github.com/LockateMe/cordova-plugin-pinnedhttps.git#:/tests`
This plugin is distributed under the terms of the MIT license.
FAQs
A Cordova plugin allowing you to make https requests, with (fingerprint-based) certificate pinning
The npm package cordova-plugin-pinnedhttps receives a total of 59 weekly downloads. As such, cordova-plugin-pinnedhttps popularity was classified as not popular.
We found that cordova-plugin-pinnedhttps demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.