csurf - npm Package Compare versions

Comparing version 1.4.1 to 1.5.0

HISTORY.md

47

index.js

@@ -5,2 +5,3 @@ /*!

* Copyright(c) 2014 Jonathan Ong
* Copyright(c) 2014 Douglas Christopher Wilson
* MIT Licensed

@@ -30,8 +31,2 @@ */

var ignoreMethod = {
GET: true,
HEAD: true,
OPTIONS: true,
};
module.exports = function csurf(options) {

@@ -51,2 +46,14 @@ options = options || {};

// ignored methods
var ignoreMethods = options.ignoreMethods === undefined
? ['GET', 'HEAD', 'OPTIONS']
: options.ignoreMethods
if (!Array.isArray(ignoreMethods)) {
throw new TypeError('option ignoreMethods must be an array')
}
// generate lookup
var ignoreMethod = getIgnoredMethods(ignoreMethods)
return function csrf(req, res, next) {
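
Review bot: the `Array.isArray(ignoreMethods)` check accepts any array, including one that lists `POST`, `PUT` or `DELETE`, and the lookup built from it is what later skips `verifytoken`, so a caller can switch off token checking for state-changing requests without any signal. Suggest stating in the option's documentation that only safe methods belong in this list. An empty array is also accepted and makes `GET`, `HEAD` and `OPTIONS` subject to verification, which deserves a test and a line in the docs.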

@@ -89,3 +96,5 @@ var secret = getsecret(req, options.cookie)

// verify the incoming token
verifytoken(req, tokens, secret, value(req))
if (!ignoreMethod[req.method]) {
verifytoken(req, tokens, secret, value(req))
}
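
Review bot: the guard `if (!ignoreMethod[req.method])` is an exact-key lookup against keys that `getIgnoredMethods` upper-cases, while `req.method` is used as received. A short comment here that the method is expected in upper case would make that dependency explicit, and a test with a custom `ignoreMethods` list would pin the behaviour down.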

@@ -113,2 +122,21 @@ next()

/**
* Get a lookup of ignored methods.
*
* @param {array} methods
* @returns {object}
* @api private
*/
function getIgnoredMethods(methods) {
var obj = Object.create(null)
for (var i = 0; i < methods.length; i++) {
var method = methods[i].toUpperCase()
obj[method] = true
}
return obj
}
/**
* Get the token secret from the request.
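
Review bot: in the loop, `methods[i].toUpperCase()` assumes every element is a string, so `ignoreMethods: [null]` or `[1]` fails with a generic TypeError raised from inside the helper instead of a message that names the option, unlike the container check ('option ignoreMethods must be an array'). Suggest checking `typeof methods[i] === 'string'` and throwing a TypeError that says which option is malformed.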

@@ -206,7 +234,2 @@ *

function verifytoken(req, tokens, secret, val) {
// ignore these methods
if (ignoreMethod[req.method]) {
return
}
// valid token
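
Review bot: with the early return on `ignoreMethod[req.method]` removed from `verifytoken`, the function now verifies unconditionally and the skip depends on each caller applying the guard. Suggest saying so in the function's doc comment so a future call site does not assume the old behaviour.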

@@ -213,0 +236,0 @@ if (tokens.verify(secret, val)) {

{
"name": "csurf",
"description": "CSRF token middleware",
"version": "1.4.1",
"version": "1.5.0",
"author": "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",

@@ -34,3 +34,7 @@ "contributors": [

},
"files": ["index.js"],
"files": [
"HISTORY.md",
"LICENSE",
"index.js"
],
"keywords": [

@@ -37,0 +41,0 @@ "csrf",

# csurf
[![NPM version][npm-image]][npm-url]
[![NPM Version][npm-image]][npm-url]
[![NPM Downloads][downloads-image]][downloads-url]
[![Build status][travis-image]][travis-url]
[![Test coverage][coveralls-image]][coveralls-url]
[![Dependency Status][david-image]][david-url]
[![License][license-image]][license-url]
[![Downloads][downloads-image]][downloads-url]

@@ -43,2 +41,4 @@ Node.js [CSRF](https://en.wikipedia.org/wiki/Cross-site_request_forgery) protection middleware.

- any other [res.cookie](http://expressjs.com/4x/api.html#res.cookie) options can be set
- `ignoreMethods` An array of the methods CSRF token checking will disabled.
(default: `['GET', 'HEAD', 'OPTIONS']`)
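
Review bot: the new `ignoreMethods` entry reads 'CSRF token checking will disabled'; it is missing 'be' and would read better as 'An array of the methods for which CSRF token checking will be disabled'. The entry could also mention that names are matched after upper-casing, since `getIgnoredMethods` normalises them.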

@@ -63,15 +63,9 @@ ### req.csrfToken()

[npm-image]: https://img.shields.io/npm/v/csurf.svg?style=flat-square
[npm-image]: https://img.shields.io/npm/v/csurf.svg?style=flat
[npm-url]: https://npmjs.org/package/csurf
[github-tag]: http://img.shields.io/github/tag/expressjs/csurf.svg?style=flat-square
[github-url]: https://github.com/expressjs/csurf/tags
[travis-image]: https://img.shields.io/travis/expressjs/csurf.svg?style=flat-square
[travis-image]: https://img.shields.io/travis/expressjs/csurf.svg?style=flat
[travis-url]: https://travis-ci.org/expressjs/csurf
[coveralls-image]: https://img.shields.io/coveralls/expressjs/csurf.svg?style=flat-square
[coveralls-image]: https://img.shields.io/coveralls/expressjs/csurf.svg?style=flat
[coveralls-url]: https://coveralls.io/r/expressjs/csurf?branch=master
[david-image]: http://img.shields.io/david/expressjs/csurf.svg?style=flat-square
[david-url]: https://david-dm.org/expressjs/csurf
[license-image]: http://img.shields.io/npm/l/csurf.svg?style=flat-square
[license-url]: LICENSE
[downloads-image]: http://img.shields.io/npm/dm/csurf.svg?style=flat-square
[downloads-image]: http://img.shields.io/npm/dm/csurf.svg?style=flat
[downloads-url]: https://npmjs.org/package/csurf
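
Review bot: the updated `[downloads-image]` reference still uses `http://img.shields.io` while the other updated badge images use `https://`. Suggest `https://` here as well so the README does not pull a badge over plain HTTP.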