v9 -> v10
oidcSpa({
browserRuntimeFreeze: { enabled: true },
tokenSubstitution: {
enabled: true,
- trustedThirdPartyResourceServers: ["s3.amazonaws.com"],
+ trustedExternalResourceServers: [
+ "*.{{location.hostname.split('.').slice(-2).join('.')}}",
+ "s3.amazonaws.com"
+ ]
},
+ DPoP: { mode: "auto" /* or "enforced" */}
});
createOidc({ // or bootstrapOidc({
// ...
- dpop: "auto"
})
import { oidcEarlyInit } from "oidc-spa/entrypoint";
-import { enableTokenSubstitution } from "oidc-spa/token-substitution";
+import { browserRuntimeFreeze } from 'oidc-spa/browser-runtime-freeze';
+import { DPoP } from 'oidc-spa/DPoP';
+import { tokenSubstitution } from 'oidc-spa/token-substitution';
const { shouldLoadApp } = oidcEarlyInit({
- browserRuntimeFreeze: { enabled: true },
- extraDefenseHook: () => {
- enableTokenSubstitution({
- trustedThirdPartyResourceServers: ["s3.amazonaws.com"]
- });
- }
+ securityDefenses: {
+ ...browserRuntimeFreeze({
+ //excludes: [ "fetch", "XMLHttpRequest", "Promise"]
+ }),
+ ...DPoP({ mode: 'auto' }),
+ ...tokenSubstitution({
+ trustedExternalResourceServers: [
+ "s3.amazonaws.com",
+ `*.${location.hostname.split('.').slice(-2).join('.')}`,
+ ],
+ }),
+ }
});
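Review bot: The wildcard built from `location.hostname.split('.').slice(-2).join('.')` (here and in the `{{…}}` form in the `oidcSpa({ … })` snippet above) keeps only the last two labels of the hostname, which is not the same as the site's registrable domain. On a host under a multi-label public suffix or a shared platform domain (a constructed example: `app.example.co.uk` gives `*.co.uk`), the pattern covers hosts the application does not control, and if entries in `trustedExternalResourceServers` are the hosts allowed to receive the real access token, as the option name suggests, those hosts would be trusted too. On `localhost` or an IP-address host the expression also yields patterns such as `*.localhost` that were probably not intended. I would list the API hosts explicitly or hard-code the parent domain, e.g. `"*.example.com"` (placeholder), with a comment above the entry saying why the derived form is avoided. Separately, a comment next to `DPoP({ mode: 'auto' })` should state what happens when the authorization server does not support DPoP; presumably `"enforced"` is the mode that refuses to fall back, which the page does not confirm.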