Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
crumb - npm Package Compare versions
Comparing version 4.0.3 to 4.0.4
@@ -23,3 +23,3 @@ // Load modules | ||
| skip: Joi.any().optional(), | ||
| allowOrigins: Joi.array().excludes(Joi.string().valid('*')).optional() | ||
| allowOrigins: Joi.array().items(Joi.string().valid('*').forbidden()).optional() | ||
| }); | ||
@@ -123,3 +123,3 @@ | ||
| if (!header) { | ||
| if (!header) { | ||
| return reply(Boom.forbidden()); | ||
@@ -126,0 +126,0 @@ } |
| { | ||
| "name": "crumb", | ||
| "description": "CSRF crumb generation and validation plugin", | ||
| "version": "4.0.3", | ||
| "version": "4.0.4", | ||
| "repository": "git://github.com/hapijs/crumb", | ||
@@ -9,3 +9,3 @@ "bugs": { | ||
| }, | ||
| "main": "index", | ||
| "main": "lib/index.js", | ||
| "keywords": [ | ||
@@ -25,3 +25,3 @@ "hapi", | ||
| "hoek": "2.x.x", | ||
| "joi": "4.x.x" | ||
| "joi": "6.x.x" | ||
| }, | ||
@@ -38,3 +38,4 @@ "peerDependencies": { | ||
| "scripts": { | ||
| "test": "make test-cov" | ||
| "test": "lab -r console -t 100 -a code -L", | ||
| "test-cov-html": "lab -r html -o coverage.html -a code -L" | ||
| }, | ||
@@ -41,0 +42,0 @@ "licenses": [ |
@@ -11,3 +11,3 @@ # Reporting a security bug | ||
| - Email [Marcus Stong](mailto:stongo@gmail.com) | ||
| - Give the Spumko team a heads up on IRC in #hapi on irc.freenode.net | ||
| - Give the hapi contributors a heads up on IRC in #hapi on irc.freenode.net | ||
@@ -14,0 +14,0 @@ Thank you for taking the time to disclose the issue to us. Your efforts and responsible disclosure are greatly appreciated! |
@@ -106,23 +106,23 @@ // Load modules | ||
| server.inject({ method: 'POST', url: '/2', payload: '{ "key": "value", "crumb": "' + cookie[1] + '" }', headers: { cookie: 'crumb=' + cookie[1] } }, function (res) { | ||
| server.inject({ method: 'POST', url: '/2', payload: '{ "key": "value", "crumb": "' + cookie[1] + '" }', headers: { cookie: 'crumb=' + cookie[1] } }, function (res1) { | ||
| expect(res.result).to.equal('valid'); | ||
| expect(res1.result).to.equal('valid'); | ||
| server.inject({ method: 'POST', url: '/2', payload: '{ "key": "value", "crumb": "x' + cookie[1] + '" }', headers: { cookie: 'crumb=' + cookie[1] } }, function (res) { | ||
| server.inject({ method: 'POST', url: '/2', payload: '{ "key": "value", "crumb": "x' + cookie[1] + '" }', headers: { cookie: 'crumb=' + cookie[1] } }, function (res2) { | ||
| expect(res.statusCode).to.equal(403); | ||
| expect(res2.statusCode).to.equal(403); | ||
| server.inject({ method: 'POST', url: '/3', headers: { cookie: 'crumb=' + cookie[1] } }, function (res) { | ||
| server.inject({ method: 'POST', url: '/3', headers: { cookie: 'crumb=' + cookie[1] } }, function (res3) { | ||
| expect(res.statusCode).to.equal(403); | ||
| expect(res3.statusCode).to.equal(403); | ||
| server.inject({ method: 'GET', url: '/4' }, function (res) { | ||
| server.inject({ method: 'GET', url: '/4' }, function (res4) { | ||
| expect(res.result).to.equal('<!DOCTYPE html><html><head><title>test</title></head><body><div><h1>hi</h1><h2></h2></div></body></html>'); | ||
| expect(res4.result).to.equal('<!DOCTYPE html><html><head><title>test</title></head><body><div><h1>hi</h1><h2></h2></div></body></html>'); | ||
| var TestStream = function (opt) { | ||
| Stream.Readable.call(this, opt); | ||
| this._max = 2; | ||
| this._index = 1; | ||
| Stream.Readable.call(this, opt); | ||
| this._max = 2; | ||
| this._index = 1; | ||
| }; | ||
@@ -145,18 +145,18 @@ | ||
| server.inject({ method: 'POST', url: '/5', payload: new TestStream(), headers: { 'content-type': 'application/octet-stream', 'content-disposition': 'attachment; filename="test.txt"' }, simulate: { end: true } }, function (res) { | ||
| server.inject({ method: 'POST', url: '/5', payload: new TestStream(), headers: { 'content-type': 'application/octet-stream', 'content-disposition': 'attachment; filename="test.txt"' }, simulate: { end: true } }, function (res5) { | ||
| expect(res.statusCode).to.equal(403); | ||
| expect(res5.statusCode).to.equal(403); | ||
| server.inject({method: 'GET', url: '/6'}, function(res) { | ||
| server.inject({ method: 'GET', url: '/6' }, function (res6) { | ||
| var header = res.headers['set-cookie']; | ||
| header = res6.headers['set-cookie']; | ||
| expect(header.length).to.equal(1); | ||
| expect(header[0]).to.contain('Secure'); | ||
| var cookie = header[0].match(/crumb=([^\x00-\x20\"\,\;\\\x7F]*)/); | ||
| expect(res.result).to.equal('<!DOCTYPE html><html><head><title></title></head><body><div><h1></h1><h2>' + cookie[1] + '</h2></div></body></html>'); | ||
| cookie = header[0].match(/crumb=([^\x00-\x20\"\,\;\\\x7F]*)/); | ||
| expect(res6.result).to.equal('<!DOCTYPE html><html><head><title></title></head><body><div><h1></h1><h2>' + cookie[1] + '</h2></div></body></html>'); | ||
| server.inject({method: 'GET', url: '/7'}, function(res) { | ||
| server.inject({ method: 'GET', url: '/7' }, function (res7) { | ||
| var cookie = res.headers['set-cookie'].toString(); | ||
| cookie = res7.headers['set-cookie'].toString(); | ||
| expect(cookie).to.contain('crumb'); | ||
@@ -167,5 +167,5 @@ | ||
| server.inject({method: 'GET', url: '/1', headers: headers}, function(res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res8) { | ||
| var cookie = res.headers['set-cookie'].toString(); | ||
| cookie = res8.headers['set-cookie'].toString(); | ||
| expect(cookie).to.contain('crumb'); | ||
@@ -274,7 +274,7 @@ | ||
| } | ||
| }, function(err) { | ||
| }, function (err) { | ||
| expect(err).to.exist(); | ||
| expect(err.name).to.equal('ValidationError'); | ||
| expect(err.message).to.equal('foo is not allowed'); | ||
| expect(err.message).to.equal('"foo" is not allowed'); | ||
| done(); | ||
@@ -308,3 +308,3 @@ }); | ||
| { | ||
| method: 'GET', path: '/2', config: { plugins: { crumb: true } }, handler: function(request, reply) { | ||
| method: 'GET', path: '/2', config: { plugins: { crumb: true } }, handler: function (request, reply) { | ||
@@ -322,7 +322,7 @@ var crumb = request.plugins.crumb; | ||
| server.inject({ method: 'GET', url: '/1' }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1' }, function (res1) { | ||
| server.inject({ method: 'GET', url: '/2'}, function (res) { | ||
| server.inject({ method: 'GET', url: '/2' }, function (res2) { | ||
| var header = res.headers['set-cookie']; | ||
| var header = res2.headers['set-cookie']; | ||
| expect(header.length).to.equal(1); | ||
@@ -355,3 +355,3 @@ var cookie = header[0].match(/crumb=([^\x00-\x20\"\,\;\\\x7F]*)/); | ||
| server.register({ register: Crumb, options: { skip: skip }}, function (err) { | ||
| server.register({ register: Crumb, options: { skip: skip } }, function (err) { | ||
@@ -386,3 +386,4 @@ expect(err).to.not.exist(); | ||
| server.register({ register: Crumb, options: { skip: skip }}, function (err) { | ||
| server.register({ register: Crumb, options: { skip: skip } }, function (err) { | ||
| expect(err).to.not.exist(); | ||
@@ -406,5 +407,6 @@ var headers = {}; | ||
| server.register({ register: Crumb, options: { allowOrigins: ['*'] } }, function (err) { | ||
| expect(err).to.exist(); | ||
| expect(err.name).to.equal('ValidationError'); | ||
| expect(err.message).to.equal('allowOrigins position 0 contains an excluded value'); | ||
| expect(err.message).to.equal('child "allowOrigins" fails because ["allowOrigins" at position 0 contains an excluded value]'); | ||
| done(); | ||
@@ -418,4 +420,7 @@ }); | ||
| server.connection({ host: 'localhost', port: 80, routes: { cors: true } }); | ||
| server.route({ method: 'GET', path: '/1', handler: function (request, reply) { return reply('test'); } }); | ||
| server.route({ method: 'GET', path: '/1', handler: function (request, reply) { | ||
| return reply('test'); | ||
| } }); | ||
| server.register({ register: Crumb, options: null }, function (err) { | ||
@@ -428,5 +433,5 @@ | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res1) { | ||
| var header = res.headers['set-cookie']; | ||
| var header = res1.headers['set-cookie']; | ||
| expect(header[0]).to.contain('crumb'); | ||
@@ -436,7 +441,7 @@ | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res2) { | ||
| headers.origin = 'http://127.0.0.1'; | ||
| var header = res.headers['set-cookie']; | ||
| header = res2.headers['set-cookie']; | ||
| expect(header).to.not.exist(); | ||
@@ -478,10 +483,10 @@ | ||
| server.inject({ method: 'GET', url: '/1', headers: { host: 'localhost:443' } }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: { host: 'localhost:443' } }, function (res1) { | ||
| var header = res.headers['set-cookie']; | ||
| var header = res1.headers['set-cookie']; | ||
| expect(header[0]).to.contain('crumb'); | ||
| server.inject({ method: 'GET', url: '/1' }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1' }, function (res2) { | ||
| expect(res.headers['set-cookie']).to.not.exist(); | ||
| expect(res2.headers['set-cookie']).to.not.exist(); | ||
| done(); | ||
@@ -505,9 +510,10 @@ }); | ||
| ]); | ||
| server.register({ register: Crumb, options: { allowOrigins: ['http://127.0.0.1']} }, function (err) { | ||
| server.register({ register: Crumb, options: { allowOrigins: ['http://127.0.0.1'] } }, function (err) { | ||
| expect(err).to.not.exist(); | ||
| var headers = {}; | ||
| headers.origin = 'http://127.0.0.1'; | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res1) { | ||
| var header = res.headers['set-cookie']; | ||
| var header = res1.headers['set-cookie']; | ||
| expect(header[0]).to.contain('crumb'); | ||
@@ -517,5 +523,5 @@ | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res2) { | ||
| var header = res.headers['set-cookie']; | ||
| header = res2.headers['set-cookie']; | ||
| expect(header).to.not.exist(); | ||
@@ -525,5 +531,5 @@ | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res3) { | ||
| var header = res.headers['set-cookie']; | ||
| header = res3.headers['set-cookie']; | ||
| expect(header).to.not.exist(); | ||
@@ -533,5 +539,5 @@ | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res4) { | ||
| var header = res.headers['set-cookie']; | ||
| header = res4.headers['set-cookie']; | ||
| expect(header).to.not.exist(); | ||
@@ -560,8 +566,9 @@ | ||
| server.register({ register: Crumb, options: null }, function (err) { | ||
| expect(err).to.not.exist(); | ||
| var headers = {}; | ||
| headers.origin = 'http://127.0.0.1'; | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res1) { | ||
| var header = res.headers['set-cookie']; | ||
| var header = res1.headers['set-cookie']; | ||
| expect(header[0]).to.contain('crumb'); | ||
@@ -571,5 +578,5 @@ | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res2) { | ||
| var header = res.headers['set-cookie']; | ||
| header = res2.headers['set-cookie']; | ||
| expect(header).to.not.exist(); | ||
@@ -579,5 +586,5 @@ | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res3) { | ||
| var header = res.headers['set-cookie']; | ||
| header = res3.headers['set-cookie']; | ||
| expect(header).to.not.exist(); | ||
@@ -587,5 +594,5 @@ | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res4) { | ||
| var header = res.headers['set-cookie']; | ||
| header = res4.headers['set-cookie']; | ||
| expect(header).to.not.exist(); | ||
@@ -615,2 +622,3 @@ | ||
| server.register({ register: Crumb, options: null }, function (err) { | ||
| expect(err).to.not.exist(); | ||
@@ -641,21 +649,22 @@ var headers = {}; | ||
| ]); | ||
| server.register({ register: Crumb, options: { allowOrigins: ['http://127.0.0.1:2000']} }, function (err) { | ||
| server.register({ register: Crumb, options: { allowOrigins: ['http://127.0.0.1:2000'] } }, function (err) { | ||
| expect(err).to.not.exist(); | ||
| var headers = {}; | ||
| headers.origin = 'http://127.0.0.1:2000'; | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res1) { | ||
| var header = res.headers['set-cookie']; | ||
| var header = res1.headers['set-cookie']; | ||
| expect(header[0]).to.contain('crumb'); | ||
| headers.origin = 'http://127.0.0.1:1000'; | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res2) { | ||
| var header = res.headers['set-cookie']; | ||
| header = res2.headers['set-cookie']; | ||
| expect(header).to.not.exist(); | ||
| headers.origin = 'http://127.0.0.1'; | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res3) { | ||
| var header = res.headers['set-cookie']; | ||
| header = res3.headers['set-cookie']; | ||
| expect(header).to.not.exist(); | ||
@@ -682,15 +691,16 @@ | ||
| ]); | ||
| server.register({ register: Crumb, options: { allowOrigins: ['http://127.0.0.1:*', 'http://*.test.com']} }, function (err) { | ||
| server.register({ register: Crumb, options: { allowOrigins: ['http://127.0.0.1:*', 'http://*.test.com'] } }, function (err) { | ||
| expect(err).to.not.exist(); | ||
| var headers = {}; | ||
| headers.origin = 'http://127.0.0.1:2000'; | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res1) { | ||
| var header = res.headers['set-cookie']; | ||
| var header = res1.headers['set-cookie']; | ||
| expect(header[0]).to.contain('crumb'); | ||
| headers.origin = 'http://*.test.com'; | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res2) { | ||
| var header = res.headers['set-cookie']; | ||
| header = res2.headers['set-cookie']; | ||
| expect(header[0]).to.contain('crumb'); | ||
@@ -700,5 +710,5 @@ | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res) { | ||
| server.inject({ method: 'GET', url: '/1', headers: headers }, function (res3) { | ||
| var header = res.headers['set-cookie']; | ||
| header = res3.headers['set-cookie']; | ||
| expect(header).to.not.exist(); | ||
@@ -808,41 +818,41 @@ | ||
| server.inject({ method: 'POST', url: '/2', payload: '{ "key": "value" }', headers: validHeader }, function (res) { | ||
| server.inject({ method: 'POST', url: '/2', payload: '{ "key": "value" }', headers: validHeader }, function (res1) { | ||
| expect(res.result).to.equal('valid'); | ||
| expect(res1.result).to.equal('valid'); | ||
| server.inject({ method: 'POST', url: '/2', payload: '{ "key": "value" }', headers: invalidHeader }, function (res) { | ||
| server.inject({ method: 'POST', url: '/2', payload: '{ "key": "value" }', headers: invalidHeader }, function (res2) { | ||
| expect(res.statusCode).to.equal(403); | ||
| expect(res2.statusCode).to.equal(403); | ||
| server.inject({ method: 'POST', url: '/3', headers: { cookie: 'crumb=' + cookie[1] } }, function (res) { | ||
| server.inject({ method: 'POST', url: '/3', headers: { cookie: 'crumb=' + cookie[1] } }, function (res3) { | ||
| expect(res.statusCode).to.equal(403); | ||
| expect(res3.statusCode).to.equal(403); | ||
| server.inject({ method: 'PUT', url: '/4', payload: '{ "key": "value" }', headers: validHeader }, function (res) { | ||
| server.inject({ method: 'PUT', url: '/4', payload: '{ "key": "value" }', headers: validHeader }, function (res4) { | ||
| expect(res.result).to.equal('valid'); | ||
| expect(res4.result).to.equal('valid'); | ||
| server.inject({ method: 'PUT', url: '/4', payload: '{ "key": "value" }', headers: invalidHeader }, function (res) { | ||
| server.inject({ method: 'PUT', url: '/4', payload: '{ "key": "value" }', headers: invalidHeader }, function (res5) { | ||
| expect(res.statusCode).to.equal(403); | ||
| expect(res5.statusCode).to.equal(403); | ||
| server.inject({ method: 'PATCH', url: '/5', payload: '{ "key": "value" }', headers: validHeader }, function (res) { | ||
| server.inject({ method: 'PATCH', url: '/5', payload: '{ "key": "value" }', headers: validHeader }, function (res6) { | ||
| expect(res.result).to.equal('valid'); | ||
| expect(res6.result).to.equal('valid'); | ||
| server.inject({ method: 'PATCH', url: '/5', payload: '{ "key": "value" }', headers: invalidHeader }, function (res) { | ||
| server.inject({ method: 'PATCH', url: '/5', payload: '{ "key": "value" }', headers: invalidHeader }, function (res7) { | ||
| expect(res.statusCode).to.equal(403); | ||
| expect(res7.statusCode).to.equal(403); | ||
| server.inject({ method: 'DELETE', url: '/6', headers: validHeader }, function (res) { | ||
| server.inject({ method: 'DELETE', url: '/6', headers: validHeader }, function (res8) { | ||
| expect(res.result).to.equal('valid'); | ||
| expect(res8.result).to.equal('valid'); | ||
| server.inject({ method: 'DELETE', url: '/6', headers: invalidHeader }, function (res) { | ||
| server.inject({ method: 'DELETE', url: '/6', headers: invalidHeader }, function (res9) { | ||
| expect(res.statusCode).to.equal(403); | ||
| expect(res9.statusCode).to.equal(403); | ||
| server.inject({ method: 'POST', url: '/7', payload: '{ "key": "value" }' }, function (res) { | ||
| server.inject({ method: 'POST', url: '/7', payload: '{ "key": "value" }' }, function (res10) { | ||
| expect(res.result).to.equal('valid'); | ||
| expect(res10.result).to.equal('valid'); | ||
@@ -852,5 +862,5 @@ var payload = { key: 'value', crumb: cookie[1] }; | ||
| delete validHeader['x-csrf-token']; | ||
| server.inject({ method: 'POST', url: '/8', payload: JSON.stringify(payload), headers: validHeader }, function (res) { | ||
| server.inject({ method: 'POST', url: '/8', payload: JSON.stringify(payload), headers: validHeader }, function (res11) { | ||
| expect(res.result).to.equal('valid'); | ||
| expect(res11.result).to.equal('valid'); | ||
| done(); | ||
@@ -857,0 +867,0 @@ }); |
Sorry, the diff of this file is not supported yet
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Lines of code
- increased by0.11%
871
Worsened metrics
- Total package byte prevSize
- decreased by-0.06%
115153
- Number of package files
- decreased by-11.76%
15
Dependency changes
+ Addedjoi@6.10.1(transitive)
- Removedjoi@4.9.0(transitive)
Updatedjoi@6.x.x