All notable changes to this project will be documented in this file, in reverse chronological order by release.
- Bug fix for undefined index when no anti-csrf token is found
- PSR-1 & PSR-2 coding style
The double submit pattern with the JSON alternative is only relevant when the Branca/JWT token is in an http-only cookie. This is particularly true for JWT, whose payload is not encrypted. In an http-only cookie, your payload is safe, but it is exposed to CSRF attacks again.
- Anti-csrf value is
- can be found in an anti-csrf cookie (set manually by the client, with a different name than the original cookie)
- can be found in header
- can be found in request parameter
- JWT/Branca should always be in an http-only cookie (it's different for OAuth)
- Refactor some lines of code to match this pattern
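
The check described in these entries, as an added PHP example (not this project's own code): for unsafe methods only, the value carried in the decoded token is compared with the value the client submitted in a header, a separate cookie or a request parameter. The payload key `csrf`, the header `x-anti-csrf`, the cookie/parameter name `anticsrf`, the list of unsafe methods and both function names are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Assumed names (not from the project): payload key "csrf", header "x-anti-csrf",
// cookie and parameter "anticsrf". Header names are expected lower-cased.
const UNSAFE_METHODS = ['POST', 'PUT', 'PATCH', 'DELETE'];

/** Return the first non-empty anti-CSRF value: header, then cookie, then parameter. */
function submittedAntiCsrf(array $headers, array $cookies, array $params): ?string
{
    // ?? avoids an "undefined index" notice when a source carries no value.
    $candidates = [
        $headers['x-anti-csrf'] ?? null,
        $cookies['anticsrf'] ?? null,
        $params['anticsrf'] ?? null,
    ];
    foreach ($candidates as $candidate) {
        if (is_string($candidate) && $candidate !== '') {
            return $candidate;
        }
    }
    return null;
}

/** $payload is the decoded token that arrived in the http-only cookie. */
function passesDoubleSubmit(string $method, array $payload, array $headers, array $cookies, array $params): bool
{
    if (!in_array(strtoupper($method), UNSAFE_METHODS, true)) {
        return true; // safe methods are not checked
    }
    $expected = $payload['csrf'] ?? null;
    $submitted = submittedAntiCsrf($headers, $cookies, $params);
    if (!is_string($expected) || $expected === '' || $submitted === null) {
        return false; // fail closed when either side is missing
    }
    return hash_equals($expected, $submitted); // constant-time comparison
}

// Constructed sample data: a decoded payload and four requests.
$payload = ['sub' => 'alice', 'csrf' => 'f3a9c1d2e4b5'];
var_dump(passesDoubleSubmit('GET', $payload, [], [], []));                               // safe method
var_dump(passesDoubleSubmit('POST', $payload, ['x-anti-csrf' => 'f3a9c1d2e4b5'], [], [])); // matching header
var_dump(passesDoubleSubmit('POST', $payload, [], [], []));                              // nothing submitted
var_dump(passesDoubleSubmit('POST', $payload, [], [], ['anticsrf' => 'wrong']));         // mismatched parameter
```
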
- Add unpacking method for MessagePack format
- Anti-csrf can be found in header
- Cookie option is now anticsrf option
- More tests
- Only double submit check for unsafe methods
- Refactor to PHP 7.1
- PSR-7 and PSR-15 support
- Minor improvement
- Add PSR-3 logger support
- Add error message
- New sets of tests
- Some code modification
- Stable release
- New tag for Packagist
- New payload parameter
- Passing decoded token in parameter
- Major bug fix
- Support for Branca/JWT Authentication Middleware
- Unit tests