Security News
tea.xyz Spam Plagues npm and RubyGems Package Registries
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
phoenix
Changelog
1.7.12 (2024-04-11)
[phx.gen.auth] Add enhanced session fixation protection.
For applications which previously used phx.gen.auth, the following line can be added to the renew_session function in the auth module:
defp renew_session(conn) do
+ delete_csrf_token()
conn
|> configure_session(renew: true)
|> clear_session()
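Review bot: the added `delete_csrf_token()` line carries no comment, and the snippet does not say why it sits before the `conn` pipeline rather than inside it, so someone patching an existing auth module by hand has to guess at placement. A short comment on that line stating that the CSRF token is dropped together with the renewed, cleared session would document the intent, and showing the function through its closing `end` would make it clear that nothing else in `renew_session` changes.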
Note: because the session id is in an HTTP-only cookie by default, the only way to perform this attack prior to this change is if your application was already vulnerable to an XSS attack, which itself grants more escalated "privileges" than the CSRF fixation.
Readme
Peace of mind from prototype to production.
See the official site at https://www.phoenixframework.org/.
Install the latest version of Phoenix by following the instructions at https://hexdocs.pm/phoenix/installation.html#phoenix.
Phoenix requires Elixir v1.11+ & Erlang v22.1+.
API documentation is available at https://hexdocs.pm/phoenix.
Phoenix.js documentation is available at https://hexdocs.pm/phoenix/js.
We appreciate any contribution to Phoenix. Check our CODE_OF_CONDUCT.md and CONTRIBUTING.md guides for more information. We usually keep a list of features and bugs in the issue tracker.
You can create a new project using the latest Phoenix source installer (the phx.new Mix task) with the following steps:
1. Remove any previously installed phx_new archives so that Mix will pick up the local source code. This can be done with mix archive.uninstall phx_new or by simply deleting the file, which is usually in ~/.mix/archives/.
2. Copy this repo via git clone https://github.com/phoenixframework/phoenix or by downloading it.
3. Run the phx.new Mix task from within the installer directory, for example:
cd phoenix/installer
mix phx.new dev_app --dev
The --dev flag will configure your new project's :phoenix dep as a relative path dependency, pointing to your local Phoenix checkout:
defp deps do
[{:phoenix, path: "../..", override: true},
To create projects outside of the installer/ directory, add the latest archive to your machine by following the instructions in installer/README.md.
To build the documentation from source:
npm install --prefix assets
MIX_ENV=docs mix docs
To build Phoenix from source:
mix deps.get
mix compile
To build the Phoenix installer from source:
mix deps.get
mix compile
mix archive.build
cd assets
npm install
Visit Phoenix's sponsor, DockYard, for expert Phoenix Consulting
Copyright (c) 2014, Chris McCord.
Phoenix source code is licensed under the MIT License.
FAQs
The official JavaScript client for the Phoenix web framework.
The npm package phoenix receives a total of 203,055 weekly downloads. As such, phoenix popularity was classified as popular.
We found that phoenix demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 2 open source maintainers collaborating on the project.