Add algorithm and security notice (#285)

* Add algorithm and security notice Signed-off-by: Matteo Collina <hello@matteocollina.com> * Update README.md Co-authored-by: Aras Abbasi <aras.abbasi@googlemail.com> Signed-off-by: Matteo Collina <matteo.collina@gmail.com> * Update README.md Co-authored-by: Aras Abbasi <aras.abbasi@googlemail.com> Signed-off-by: Matteo Collina <matteo.collina@gmail.com> * Update README.md Co-authored-by: Frazer Smith <frazer.dev@outlook.com> Signed-off-by: Matteo Collina <matteo.collina@gmail.com> --------- Signed-off-by: Matteo Collina <hello@matteocollina.com> Signed-off-by: Matteo Collina <matteo.collina@gmail.com> Co-authored-by: Aras Abbasi <aras.abbasi@googlemail.com> Co-authored-by: Frazer Smith <frazer.dev@outlook.com>
fastify · Apr 22, 2024 · 70bf13f · 70bf13f
1 parent e41c436
commit 70bf13f
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/README.md b/README.md
@@ -96,8 +96,16 @@ fastify.get('/', (req, reply) => {
   - An `Array` can be passed if key rotation is desired. Read more about it in [Rotating signing secret](#rotating-secret).
   - More sophisticated cookie signing mechanisms can be implemented by supplying an `Object`. Read more about it in [Custom cookie signer](#custom-cookie-signer).
 
+- `hook`: the [Fastify Hook](https://fastify.dev/docs/latest/Reference/Lifecycle/#lifecycle) to register the parsing of cookie into. Default: `onRequest`.
+
+- `algorithm`: the [algorithm](https://nodejs.org/api/crypto.html#cryptogethashes) to use to sign the cookies. Default: `sha256`.
+
 - `parseOptions`: An `Object` to modify the serialization of set cookies.
 
+### :warning: Security Considerations :warning:
+
+It is recommended to use `sha256` or stronger hashing algorithm as well as a `secret` that is at least 20 bytes long.
+
 #### parseOptions
 
 ##### domain