crumb - npm Package Compare versions
Comparing version 2.2.0 to 3.0.0
@@ -7,3 +7,3 @@ var Hapi = require('hapi'); | ||
| server.pack.require('../', { restful: true }, function(err) { | ||
| server.pack.register({ plugin: require('../'), options: { restful: true } }, function(err) { | ||
| if (err) throw err; | ||
@@ -10,0 +10,0 @@ }); |
@@ -7,3 +7,3 @@ var Hapi = require('hapi'); | ||
| engines: { | ||
| html: 'handlebars' | ||
| html: require('handlebars') | ||
| } | ||
@@ -15,3 +15,3 @@ } | ||
| server.pack.require('../', { cookieOptions: { isSecure: false } }, function (err) { | ||
| server.pack.register({ plugin: require('../'), options: { cookieOptions: { isSecure: false } } }, function (err) { | ||
| if (err) throw err; | ||
@@ -18,0 +18,0 @@ }); |
@@ -57,4 +57,5 @@ // Load modules | ||
| if (settings.autoGenerate || | ||
| request.route.plugins._crumb) { | ||
| if ((settings.autoGenerate || | ||
| request.route.plugins._crumb) && | ||
| !request.headers.origin) { | ||
@@ -61,0 +62,0 @@ generate(request, reply); |
| { | ||
| "name": "crumb", | ||
| "description": "CSRF crumb generation and validation plugin", | ||
| "version": "2.2.0", | ||
| "version": "3.0.0", | ||
| "author": "Eran Hammer <eran@hueniverse.com> (http://hueniverse.com)", | ||
@@ -33,3 +33,3 @@ "contributors": [ | ||
| "devDependencies": { | ||
| "hapi": "5.x.x", | ||
| "hapi": "6.x.x", | ||
| "handlebars": "1.3.x", | ||
@@ -36,0 +36,0 @@ "lab": "3.x.x" |
@@ -30,3 +30,3 @@ // Load modules | ||
| engines: { | ||
| html: 'handlebars' | ||
| html: require('handlebars') | ||
| } | ||
@@ -85,6 +85,12 @@ } | ||
| } | ||
| }, | ||
| { | ||
| method: 'GET', path: '/7', handler: function (request, reply) { | ||
| return reply(null).redirect('/1'); | ||
| } | ||
| } | ||
| ]); | ||
| server1.pack.require('../', { cookieOptions: { isSecure: true } }, function (err) { | ||
| server1.pack.register({ plugin: require('../'), options: { cookieOptions: { isSecure: true } } }, function (err) { | ||
@@ -151,5 +157,12 @@ expect(err).to.not.exist; | ||
| done(); | ||
| }); | ||
| }); | ||
| server1.inject({method: 'GET', url: '/7'}, function(res) { | ||
| var cookie = res.headers['set-cookie'].toString(); | ||
| expect(cookie).to.contain('crumb'); | ||
| done(); | ||
| }); | ||
| }); | ||
@@ -179,3 +192,3 @@ }); | ||
| server2.pack.require('../', { cookieOptions: { isSecure: true }, addToViewContext: false }, function (err) { | ||
| server2.pack.register({ plugin: require('../'), options: { cookieOptions: { isSecure: true }, addToViewContext: false } }, function (err) { | ||
@@ -207,3 +220,3 @@ expect(err).to.not.exist; | ||
| server3.pack.require('../', null, function (err) { | ||
| server3.pack.register({ plugin: require('../'), options: null }, function (err) { | ||
@@ -249,3 +262,3 @@ expect(err).to.not.exist; | ||
| server3.pack.require('../', { autoGenerate: false }, function (err) { | ||
| server3.pack.register({ plugin: require('../'), options: { autoGenerate: false } }, function (err) { | ||
@@ -267,2 +280,29 @@ expect(err).to.not.exist; | ||
| }); | ||
| it('does not set crumb cookie insecurely', function(done) { | ||
| var options = { | ||
| cors: true | ||
| } | ||
| var server4 = new Hapi.Server(options); | ||
| server4.route([ | ||
| { | ||
| method: 'GET', path: '/1', handler: function (request, reply) { | ||
| return reply('test'); | ||
| } | ||
| } | ||
| ]); | ||
| server4.pack.register({ plugin: require('../'), options: null }, function (err) { | ||
| expect(err).to.not.exist; | ||
| var headers = {}; | ||
| headers['Origin'] = '127.0.0.1' | ||
| server4.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| var header = res.headers['set-cookie']; | ||
| expect(header).to.not.contain('crumb'); | ||
| done(); | ||
| }); | ||
| }); | ||
| }); | ||
| }); |
@@ -30,3 +30,3 @@ // Load modules | ||
| engines: { | ||
| html: 'handlebars' | ||
| html: require('handlebars') | ||
| } | ||
@@ -101,3 +101,3 @@ } | ||
| server.pack.require('../', { restful: true, cookieOptions: { isSecure: true } }, function (err) { | ||
| server.pack.register({plugin: require('../'), options: { restful: true, cookieOptions: { isSecure: true } } }, function (err) { | ||
@@ -104,0 +104,0 @@ expect(err).to.not.exist; |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by4.17%
94878
- Number of package files
- increased by6.25%
17
- Lines of code
- increased by6.9%
511