crumb - npm Package Compare versions

Comparing version 3.0.1 to 3.1.0


lib/index.js

@@ -20,3 +20,4 @@ // Load modules

},
restful: false // Set to true for X-CSRF-Token header crumb validation. Disables payload/query validation
restful: false, // Set to true for X-CSRF-Token header crumb validation. Disables payload/query validation
skip: false // Set to a function which returns true when to skip crumb generation and validation
};
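Review bot: the default `skip: false` combined with the runtime guard `typeof settings.skip === 'function'` means any non-function value (`true`, a string, a typo) is silently treated as "never skip"; that fails in the safe direction, but it hides a misconfiguration. Suggest rejecting anything other than `false` or a function wherever the plugin validates its options at registration, so a bad `skip` fails at startup instead of being ignored. The comment would also read better as `// Set to a function that returns true to skip crumb generation and validation for a request`.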

@@ -43,2 +44,8 @@

// If skip function enabled. Call it and if returns true, do not attempt to do anything with crumb.
if (settings.skip && typeof settings.skip === 'function' && settings.skip(request, reply)) {
return reply();
}
// Validate incoming crumb
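Review bot: the condition `settings.skip(request, reply)` accepts any truthy return value, so a skip function that is asynchronous (returns a promise) or returns a non-boolean such as a header string would always skip generation and validation; compare strictly (`settings.skip(request, reply) === true`) and document that the function must return synchronously. Passing `reply` into the user function also invites it to respond on its own, after which `return reply();` here would answer the request a second time; if the callback is not meant to respond, pass only `request`. Note too that the early `return reply();` exits before a crumb is generated, so a skipped request receives no crumb cookie, which matches the option's description but should be spelled out in the README.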

@@ -45,0 +52,0 @@


package.json
{
"name": "crumb",
"description": "CSRF crumb generation and validation plugin",
"version": "3.0.1",
"version": "3.1.0",
"author": "Eran Hammer <eran@hueniverse.com> (http://hueniverse.com)",
"contributors": [
"Marcus Stong <stongo@gmail.com>",
"Nathan LaFreniere <quitlahok@gmail.com>"
"Nathan LaFreniere <quitlahok@gmail.com>",
"Tom Steele <thomasjsteele@gmail.com>"
],

@@ -10,0 +11,0 @@ "repository": "git://github.com/hapijs/crumb",

@@ -18,2 +18,3 @@ <a href="https://github.com/hapijs"><img src="https://raw.github.com/hapijs/spumko/master/images/from.png" align="right" /></a>

* 'restful' - RESTful mode that validates crumb tokens from "X-CSRF-Token" request header for POST, PUT, PATCH and DELETE server routes. Disables payload/query crumb validation (defaults to false)
* 'skip' - a function with the signature of function (request reply) {}, which when provided, is called for every request. If the provided function returns true, validation and generation of crumb is skipped (defaults to false)
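Review bot: the documented signature `function (request reply) {}` is missing the comma between its parameters; write it as `function (request, reply)`. The entry should also state that the return value is used synchronously as a boolean, that a skipped request gets neither validation nor a new crumb cookie, and that a predicate keyed only on client-supplied request data (a header or query value) lets any client opt itself out of CSRF protection, so it should be based on something the server has already verified, such as an authenticated API credential.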

@@ -20,0 +21,0 @@ Additionally, some configuration can be passed on a per-route basis

@@ -309,2 +309,59 @@ // Load modules

});
});
it('does not validate crumb when "skip" option returns true', function (done) {
var server5 = new Hapi.Server();
server5.route([
{
method: 'POST', path: '/1', handler: function (request, reply) {
return reply('test');
}
}
]);
var skip = function (request, reply) {
return request.headers['x-api-token'] === 'test';
};
server5.pack.register({ plugin: require('../'), options: { skip: skip }}, function (err) {
expect(err).to.not.exist;
var headers = {};
headers['X-API-Token'] = 'test';
server5.inject({ method: 'POST', url: '/1', headers: headers }, function (res) {
expect(res.statusCode).to.equal(200);
var header = res.headers['set-cookie'];
expect(header).to.not.contain('crumb');
done();
});
});
});
it('ensures crumb validation when "skip" option is not a function', function (done) {
var server6 = new Hapi.Server();
server6.route([
{
method: 'POST', path: '/1', handler: function (request, reply) {
return reply('test');
}
}
]);
var skip = true;
server6.pack.register({ plugin: require('../'), options: { skip: skip }}, function (err) {
expect(err).to.not.exist;
var headers = {};
headers['X-API-Token'] = 'not-test';
server6.inject({ method: 'POST', url: '/1', headers: headers }, function (res) {
expect(res.statusCode).to.equal(403);
done();
});
});
});
});
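Review bot: in the first test, when no cookie is set `res.headers['set-cookie']` is `undefined`, so `expect(header).to.not.contain('crumb')` is asserting on a missing value rather than on a string; make the intent explicit with `expect(header).to.not.exist;` (or check both), otherwise pass/fail depends on how the assertion library treats `contain` on `undefined`. Neither test covers `skip` returning `false` for a request: adding a second `server5.inject` without the `x-api-token` header that expects 403 would show the option skips selectively rather than disabling crumb entirely.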

