You're Invited:Meet the Socket Team at BlackHat and DEF CON in Las Vegas, Aug 4-6.RSVP →
csurf - npm Package Compare versions
Comparing version 1.2.1 to 1.2.2
| 1.2.2 / 2014-06-18 | ||
| ================== | ||
| * bump csrf-tokens | ||
| 1.2.1 / 2014-06-09 | ||
| ================== | ||
| * refactor to use csrf-tokens | ||
| 1.2.0 / 2014-05-13 | ||
@@ -6,3 +16,2 @@ ================== | ||
| * add support for double-submit cookie | ||
@@ -13,2 +22,1 @@ 1.1.0 / 2014-04-06 | ||
| * add constant-time string compare | ||
18
index.js
@@ -21,2 +21,8 @@ /*! | ||
| var ignoreMethod = { | ||
| GET: true, | ||
| HEAD: true, | ||
| OPTIONS: true, | ||
| }; | ||
| module.exports = function csrf(options) { | ||
@@ -74,5 +80,4 @@ options = options || {}; | ||
| function createToken(secret) { | ||
| // lazy-load token | ||
| var token; | ||
| // lazy-load token | ||
| req.csrfToken = function csrfToken() { | ||
@@ -83,9 +88,6 @@ return token || (token = tokens.create(secret)); | ||
| // ignore these methods | ||
| if ('GET' == req.method || 'HEAD' == req.method || 'OPTIONS' == req.method) return next(); | ||
| if (ignoreMethod[req.method]) return next(); | ||
| // determine user-submitted value | ||
| var val = value(req); | ||
| // check | ||
| if (!val || !tokens.verify(secret, val)) { | ||
| // check user-submitted value | ||
| if (!tokens.verify(secret, value(req))) { | ||
| var err = new Error('invalid csrf token'); | ||
@@ -92,0 +94,0 @@ err.status = 403; |
| { | ||
| "name": "csurf", | ||
| "description": "CSRF token middleware", | ||
| "version": "1.2.1", | ||
| "version": "1.2.2", | ||
| "author": { | ||
@@ -14,3 +14,3 @@ "name": "Jonathan Ong", | ||
| "dependencies": { | ||
| "csrf-tokens": "~1.0.2" | ||
| "csrf-tokens": "~2.0.0" | ||
| }, | ||
@@ -30,4 +30,4 @@ "devDependencies": { | ||
| "scripts": { | ||
| "test": "make test" | ||
| "test": "NODE_ENV=test mocha --reporter spec --require should" | ||
| } | ||
| } |
No alert changes
Improved metrics
- Total package byte prevSize
6703
0.63%- Lines of code
101
3.06%Worsened metrics
- Number of package files
6
-14.29%Dependency changes
+ Added
base64-url@1.2.11.3.3(transitive)+ Added
csrf-tokens@2.0.0(transitive)+ Added
native-or-bluebird@1.1.2(transitive)+ Added
uid-safe@1.1.0(transitive)- Removed
csrf-tokens@1.0.4(transitive)- Removed
uid2@0.0.4(transitive)Updated
csrf-tokens@~2.0.0