v2.0.0

@mrts mrts released this 27 Jan 14:31
· 26 commits to main since this release

v2.0.0 is a major, backwards-incompatible release.

In web-eid.js API version 1, the authenticate() and sign() functions took URLs as parameters and the network requests to the website back end were performed inside the extension. This had many benefits, including reduced surface for XSS attacks, additional internal security checks and control over the interaction flow with the user. However, the network requests indirectly caused a Cross-Origin Resource Sharing (CORS) vulnerability in Firefox.

To mitigate the CORS vulnerability in Firefox, the web-eid.js API version 2 no longer handles network requests internally; the website developer is expected to perform the requests instead.

Upgrade instructions are available here.
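
The version 2 division of labour described above, shown from the website side as an added example (not code from these release notes or from the Web eID project): the page fetches the challenge nonce, passes it to `webeid.authenticate()`, and posts the resulting token to its own back end. The `/auth/challenge` and `/auth/login` paths, the `X-CSRF-Token` header, the JSON field names and the stub objects are assumptions; the upgrade instructions remain the reference for the exact function signatures.

```javascript
// Added example. Assumptions: endpoint paths, X-CSRF-Token header, JSON field names.
// `webeid` is the web-eid.js v2 module object; `fetchFn` is window.fetch in a browser.
async function authenticateWithWebEid({ webeid, fetchFn, csrfToken, lang = "en" }) {
  // 1. The page (not the extension) requests a fresh challenge nonce, same-origin only.
  const challengeResp = await fetchFn("/auth/challenge", {
    method: "GET",
    credentials: "same-origin",
    headers: { Accept: "application/json" },
  });
  if (!challengeResp.ok) throw new Error(`challenge request failed: ${challengeResp.status}`);
  const { nonce } = await challengeResp.json();
  if (typeof nonce !== "string" || nonce.length === 0) throw new Error("missing challenge nonce");

  // 2. The extension is only asked to produce an authentication token over the nonce.
  const authToken = await webeid.authenticate(nonce, { lang });

  // 3. The page posts the token itself, so CSRF protection is now the site's job.
  const loginResp = await fetchFn("/auth/login", {
    method: "POST",
    credentials: "same-origin",
    headers: { "Content-Type": "application/json", "X-CSRF-Token": csrfToken },
    body: JSON.stringify({ authToken }),
  });
  if (!loginResp.ok) throw new Error(`login request failed: ${loginResp.status}`);
  return loginResp.json();
}

// Constructed stubs so the flow can be exercised offline (no card, extension or server).
async function runConstructedDemo() {
  const calls = [];
  const reply = (body) => ({ ok: true, status: 200, json: async () => body });
  const fetchFn = async (url, init) => {
    calls.push(`${init.method} ${url}`);
    if (url === "/auth/challenge") return reply({ nonce: "constructed-nonce" });
    const { authToken } = JSON.parse(init.body);
    const csrfOk = init.headers["X-CSRF-Token"] === "constructed-csrf";
    return csrfOk && authToken.signedNonce === "constructed-nonce"
      ? reply({ sub: "constructed-user" })
      : { ok: false, status: 403, json: async () => ({}) };
  };
  const webeid = {
    authenticate: async (nonce, options) => {
      calls.push(`authenticate ${options.lang}`);
      return { signedNonce: nonce }; // stand-in, not the real token format
    },
  };
  const result = await authenticateWithWebEid({ webeid, fetchFn, csrfToken: "constructed-csrf" });
  return { result, calls };
}
```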

Changes

See the list of changes in the v2.0.0 milestone.

Backwards incompatible changes

All API function signatures have changed in v2.0.0; see the upgrade instructions.

Packages

The v2.0.0 NPM package is available in the Web eID GitLab NPM package registry.