github ulsklyc/oikos v0.19.1
v0.19.1 - iOS PWA Session/CSRF Fixes

one month ago

Fixed

  • iOS PWA: "Forbidden" errors after app resume - the CSRF cookie was not renewed on /auth/me (the first API call after iOS kills and restarts the standalone webapp). iOS aggressively purges cookies of background webapps, causing a CSRF token mismatch on all subsequent POST/PUT/DELETE requests.
  • CSRF middleware hardening - added try-catch and hex validation to prevent a server crash from corrupted token cookies.
  • API client: automatic CSRF retry - state-changing requests that fail due to stale CSRF tokens are now transparently retried after renewing the token.
  • Service Worker: iOS blank page fix - added a 200 ms delay before the controllerchange reload to let the new SW complete clients.claim().
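
The middleware hardening item, sketched as an added example (not oikos source code): a double-submit token comparison that validates hex before decoding and treats any exception as a mismatch. The 32-byte token size, the `csrf` cookie name, the `x-csrf-token` header and the Express-like request shape are assumptions.

```javascript
// Added example, not project code. Names and sizes below are assumptions.
const { randomBytes, timingSafeEqual } = require('node:crypto');

const TOKEN_BYTES = 32;               // assumed token size
const HEX_TOKEN = /^[0-9a-f]{64}$/i;  // 32 bytes encoded as hex

function issueToken() {
  return randomBytes(TOKEN_BYTES).toString('hex');
}

// Unhardened comparison: Buffer.from(x, 'hex') stops decoding at the first
// non-hex character, and timingSafeEqual throws a RangeError when the two
// buffers differ in length, so a corrupted cookie raises instead of failing.
function naiveMatch(cookieToken, headerToken) {
  return timingSafeEqual(
    Buffer.from(cookieToken, 'hex'),
    Buffer.from(headerToken, 'hex'));
}

// Hardened comparison: reject anything that is not a well-formed hex token
// before decoding, and turn any remaining exception into a plain mismatch.
function safeMatch(cookieToken, headerToken) {
  try {
    if (typeof cookieToken !== 'string' || typeof headerToken !== 'string') return false;
    if (!HEX_TOKEN.test(cookieToken) || !HEX_TOKEN.test(headerToken)) return false;
    return timingSafeEqual(
      Buffer.from(cookieToken, 'hex'),
      Buffer.from(headerToken, 'hex'));
  } catch {
    return false;
  }
}

// Middleware-shaped decision for a hypothetical Express-like request object:
// safe methods pass, state-changing methods need matching cookie and header.
function csrfCheck(req) {
  if (['GET', 'HEAD', 'OPTIONS'].includes(req.method)) return { status: 200 };
  const ok = safeMatch(req.cookies?.csrf, req.headers?.['x-csrf-token']);
  return ok ? { status: 200 } : { status: 403, error: 'csrf_mismatch' };
}
```

A corrupted or missing cookie then produces a 403 that the client can answer by renewing the token, rather than an unhandled exception in the request handler.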

Full Changelog: v0.19.0...v0.19.1
