
csurf - npm Package Compare versions

Comparing version 1.2.1 to 1.2.2

12

HISTORY.md
1.2.2 / 2014-06-18
==================
* bump csrf-tokens
1.2.1 / 2014-06-09
==================
* refactor to use csrf-tokens
1.2.0 / 2014-05-13

@@ -6,3 +16,2 @@ ==================

* add support for double-submit cookie

@@ -13,2 +22,1 @@ 1.1.0 / 2014-04-06

* add constant-time string compare

18

index.js

@@ -21,2 +21,8 @@ /*!

var ignoreMethod = {
GET: true,
HEAD: true,
OPTIONS: true,
};
module.exports = function csrf(options) {

@@ -74,5 +80,4 @@ options = options || {};

function createToken(secret) {
// lazy-load token
var token;
// lazy-load token
req.csrfToken = function csrfToken() {

@@ -83,9 +88,6 @@ return token || (token = tokens.create(secret));

// ignore these methods
if ('GET' == req.method || 'HEAD' == req.method || 'OPTIONS' == req.method) return next();
if (ignoreMethod[req.method]) return next();
// determine user-submitted value
var val = value(req);
// check
if (!val || !tokens.verify(secret, val)) {
// check user-submitted value
if (!tokens.verify(secret, value(req))) {
var err = new Error('invalid csrf token');

@@ -92,0 +94,0 @@ err.status = 403;
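Review bot: The new `if (ignoreMethod[req.method]) return next();` check uses `req.method` as a key on an ordinary object literal, so any name inherited from `Object.prototype` (for example `constructor`) is truthy and would bypass token verification exactly as GET, HEAD and OPTIONS do. Whether such a value can ever reach `req.method` depends on the HTTP parser and on any upstream middleware that rewrites the method, neither of which is visible here, so I would make the lookup strict with `if (ignoreMethod[req.method] === true) return next();` or build the table on `Object.create(null)`. The same hunk also drops the explicit `!val` guard, so rejecting a request with no token now rests entirely on `tokens.verify` from csrf-tokens ~2.0.0; a test that sends a state-changing request without a token and expects a 403 would pin that behaviour. The middleware body starts and ends outside the hunks shown.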

{
"name": "csurf",
"description": "CSRF token middleware",
"version": "1.2.1",
"version": "1.2.2",
"author": {

@@ -14,3 +14,3 @@ "name": "Jonathan Ong",

"dependencies": {
"csrf-tokens": "~1.0.2"
"csrf-tokens": "~2.0.0"
},

@@ -30,4 +30,4 @@ "devDependencies": {

"scripts": {
"test": "make test"
"test": "NODE_ENV=test mocha --reporter spec --require should"
}
}