Public_Tools/wavelog
2
0
Fork 0
mirror of https://github.com/wavelog/wavelog.git synced 2026-03-22 10:24:14 +00:00
Code Issues Packages Projects Releases Wiki Activity

Changing JWT low-security to alg none check only. DOCS ok

Browse Source
This commit is contained in:
HadleySo
2026-03-19 22:33:17 -05:00
parent d3f22710aa
commit df355ebd7d
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
application/controllers/Header_auth.php
View File

@@ -202,8 +202,8 @@ class Header_auth extends CI_Controller {
return null;
}
$alg = $header['alg'] ?? '';
if (!in_array($alg, ['RS256', 'RS384', 'RS512', 'ES256', 'ES384'], true)) {
$alg = $header['alg'] ?? 'none';
if ($alg == "none") {
log_message('error', 'SSO Authentication: Algorithm "' . $alg . '" is not allowed.');
return null;
}