
csurf - npm Package Compare versions

Comparing version 1.2.2 to 1.3.0

4

HISTORY.md

@@ -0,2 +1,6 @@

1.3.0 / 2014-07-03
==================
* add support for environments without `res.cookie` (connect@3)
1.2.2 / 2014-06-18

@@ -3,0 +7,0 @@ ==================

@@ -9,2 +9,10 @@ /*!

/**
* Module dependencies.
*/
var Cookie = require('cookie');
var csrfTokens = require('csrf-tokens');
var sign = require('cookie-signature').sign;
/**
* CSRF protection middleware.

@@ -35,3 +43,3 @@ *

var tokens = require('csrf-tokens')(options);
var tokens = csrfTokens(options);

@@ -66,11 +74,20 @@ if (cookie && typeof cookie !== 'object')

if (err) return next(err);
if (cookie)
res.cookie(cookieKey, secret, cookie);
else if (req.session)
if (cookie) {
var cookieSecret = req.secret;
var val = secret;
if (signedCookie) {
if (!cookieSecret) {
var err = new Error('cookieParser("secret") required for signed cookies');
err.status = 500;
next(err);
return;
}
val = 's:' + sign(secret, cookieSecret);
}
setcookie(res, cookieKey, val, cookie);
} else {
req.session.csrfSecret = secret;
else {
var err = new Error('misconfigured csrf');
err.status = 500;
next(err);
return;
}

@@ -119,1 +136,22 @@ createToken(secret);

}
/**
* Set a cookie on the HTTP response.
*
* @param {OutgoingMessage} res
* @param {string} name
* @param {string} val
* @param {Object} [options]
* @api private
*/
function setcookie(res, name, val, options) {
var data = Cookie.serialize(name, val, options);
var prev = res.getHeader('set-cookie') || [];
var header = Array.isArray(prev) ? prev.concat(data)
: Array.isArray(data) ? [prev].concat(data)
: [prev, data];
res.setHeader('set-cookie', header);
}
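Review bot: The `setcookie(res, cookieKey, val, cookie)` call in the secret-callback hunk hands the caller's cookie options straight to `Cookie.serialize`, which writes no `Path` attribute unless one is given, whereas the replaced `res.cookie` call in Express defaults the path to `/`. Unless the options are normalised outside the visible hunks, the secret cookie becomes scoped to the directory of whichever URL first issued it, so requests under other paths would not send it back and could fail token verification or be issued a second secret. I would default the path inside `setcookie` on a copy of the options rather than on the caller's object, and say in its doc comment that `HttpOnly` and `Secure` are emitted only when the caller asks for them. Separately, `var err = new Error(...)` redeclares the callback's `err` parameter in both error branches; a distinct name such as `var cfgErr` would read more clearly. The callback and the middleware around it start and end outside these hunks.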

23

package.json
{
"name": "csurf",
"description": "CSRF token middleware",
"version": "1.2.2",
"version": "1.3.0",
"author": {

@@ -14,12 +14,15 @@ "name": "Jonathan Ong",

"dependencies": {
"cookie": "0.1.2",
"cookie-signature": "1.0.4",
"csrf-tokens": "~2.0.0"
},
"devDependencies": {
"cookie-session": "*",
"body-parser": "*",
"cookie-parser": "*",
"mocha": ">= 1.17.0 < 2",
"should": ">= 3.0.0 < 4",
"supertest": "*",
"connect": "*"
"body-parser": "~1.3.0",
"connect": "3",
"cookie-parser": "~1.3.1",
"cookie-session": "~1.0.2",
"istanbul": "0.2.14",
"mocha": "~1.20.1",
"should": "~4.0.4",
"supertest": "~0.13.0"
},

@@ -30,4 +33,6 @@ "engines": {

"scripts": {
"test": "NODE_ENV=test mocha --reporter spec --require should"
"test": "mocha --check-leaks --reporter spec --bail test/",
"test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --check-leaks --reporter dot test/",
"test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --check-leaks --reporter spec test/"
}
}

@@ -1,3 +0,7 @@

# csurf [![Build Status](https://travis-ci.org/expressjs/csurf.svg?branch=master)](https://travis-ci.org/expressjs/csurf) [![NPM Version](https://badge.fury.io/js/csurf.svg)](https://badge.fury.io/js/csurf)
# csurf
[![NPM Version](https://badge.fury.io/js/csurf.svg)](https://badge.fury.io/js/csurf)
[![Build Status](https://travis-ci.org/expressjs/csurf.svg?branch=master)](https://travis-ci.org/expressjs/csurf)
[![Coverage Status](https://img.shields.io/coveralls/expressjs/csurf.svg?branch=master)](https://coveralls.io/r/expressjs/csurf)
Node.js [CSRF](https://en.wikipedia.org/wiki/Cross-site_request_forgery) protection middleware.

@@ -4,0 +8,0 @@

Sorry, the diff of this file is not supported yet
