crumb - npm Package Compare versions

Comparing version 4.0.2 to 4.0.3

lib/index.js

@@ -43,3 +43,7 @@ // Load modules
 
-    Joi.assert(options, internals.schema, 'Invalid crumb options');
+    var validateOptions = internals.schema.validate(options);
+    if (validateOptions.error) {
+        return next(validateOptions.error);
+    }
+
     var settings = Hoek.applyToDefaults(internals.defaults, options);
@@ -46,0 +50,0 @@

package.json

 {
   "name": "crumb",
   "description": "CSRF crumb generation and validation plugin",
-  "version": "4.0.2",
+  "version": "4.0.3",
   "repository": "git://github.com/hapijs/crumb",
@@ -6,0 +6,0 @@ "bugs": {

README.md

@@ -31,3 +31,3 @@ ![crumb Logo](https://raw.github.com/hapijs/crumb/master/images/crumb.png)
 * 'restful' - RESTful mode that validates crumb tokens from "X-CSRF-Token" request header for POST, PUT, PATCH and DELETE server routes. Disables payload/query crumb validation (defaults to false)
-* 'skip' - a function with the signature of function (request reply) {}, which when provided, is called for every request. If the provided function returns true, validation and generation of crumb is skipped (defaults to false)
+* 'skip' - a function with the signature of `function (request, reply) {}`, which when provided, is called for every request. If the provided function returns true, validation and generation of crumb is skipped (defaults to false)
 * 'allowOrigins' - an array of origins to set crumb cookie on if CORS is enabled. Supports '\*' wildcards for domain segments and port ie '\*.domain.com' or 'domain.com:\*'. '\*' by itself is not allowed. Defaults to the server's `cors.origin` setting by default
@@ -34,0 +34,0 @@

test/index.js

@@ -261,2 +261,21 @@ // Load modules
 
+    it('should fail to register with bad options', function (done) {
+
+        var server = new Hapi.Server();
+        server.connection();
+
+        server.register({
+            register: Crumb,
+            options: {
+                foo: 'bar'
+            }
+        }, function(err) {
+
+            expect(err).to.exist();
+            expect(err.name).to.equal('ValidationError');
+            expect(err.message).to.equal('foo is not allowed');
+            done();
+        });
+    });
+
     it('route uses crumb when route.config.plugins.crumb set to true and autoGenerate set to false', function (done) {
@@ -379,7 +398,8 @@
 
-        expect(function () {
-
-            server.register({ register: Crumb, options: { allowOrigins: ['*'] } }, function (err) {});
-        }).to.throw(/Invalid crumb options/);
-        done();
+        server.register({ register: Crumb, options: { allowOrigins: ['*'] } }, function (err) {
+            expect(err).to.exist();
+            expect(err.name).to.equal('ValidationError');
+            expect(err.message).to.equal('allowOrigins position 0 contains an excluded value');
+            done();
+        });
     });
@@ -386,0 +406,0 @@

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

115217

increased by0.62%

Lines of code

870

increased by2.35%

No dependency changes