Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket

faye

Package Overview
Dependencies
Maintainers
1
Versions
44
Alerts
File Explorer

Advanced tools

Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

faye - npm Package Versions

1345

1.1.2

Diff

Changelog

Source

1.1.2 / 2015-07-19

  • Allow the Authorization header to be used on CORS requests
  • Disallow unused methods like PUT and DELETE on CORS requests
  • Stop IE prematurely garbage-collecting XDomainRequest objects
  • Make sure messages can be sent if they overflow the request size limit and the outbox is empty
  • Don't send messages over WebSockets unless they are in the 'open' ready-state
  • Fix a bug preventing use of the in-process transport in Ruby
jcoglan
published 1.1.1 •

Changelog

Source

1.1.1 / 2015-02-25

  • Make sure the client ID associated with a WebSocket is not dropped, so the socket can be closed properly
  • Handle cases where a JSON-P endpoint returns no response argument
  • Stop trying to retry messages after the client has been disconnected
  • Remove duplication of the client ID in EventSource URLs
jcoglan
published 1.1.0 •

Changelog

Source

1.1.0 / 2014-12-22

  • Allow the server and client to use WebSocket extensions, for example permessage-deflate
  • Support the HTTP_PROXY and HTTPS_PROXY environment variables to send all client connections through an HTTP proxy
  • Introduce the Scheduler API to allow the user to control message retries
  • Add the attempts and deadline options to Client#publish()
  • Let RackAdapter take a block that yields the instance, so extensions can be added to middleware
  • Allow monitoring listeners to see the clientId on publishd messages but still avoid sending it to subscribers
  • Return a promise from Client#disconnect()
  • Fix client-side retry bugs causing the client to flood the server with duplicate messages
  • Send all transport types in the supportedConnectionTypes handshake parameter
  • Don't close WebSockets when the client recovers from an error and sends a new clientId
  • Replace cookiejar with tough-cookie to avoid global variable leaks
jcoglan
published 0.8.11 •

Changelog

Source

0.8.11 / 2014-07-08

  • Make some changes to JSON-P responses to mitigate the Rosetta Flash attack
  • http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
jcoglan
published 1.0.3 •

Changelog

Source

1.0.3 / 2014-07-08

  • Make some changes to JSON-P responses to mitigate the Rosetta Flash attack
  • http://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/
jcoglan
published 1.0.1 •

Changelog

Source

1.0.1 / 2013-12-10

  • Add Adapter#close() method for gracefully shutting down the server
  • Fix error recover bug in WebSocket that made transport cycle through up/down state
  • Update Promise implementation to pass promises-aplus-tests 2.0
  • Correct some incorrect variable names in the Ruby transports
  • Make logging methods public to fix a problem on Ruby 2.1
jcoglan
published 1.0.0 •

Changelog

Source

1.0.0 / 2013-10-01

  • Client changes:
    • Allow clients to be instantiated with URI objects rather than strings
    • Add a ca option to the Node Client class for passing in trusted server certificates
    • Objects supporting the callback() method in JavaScript are now Promises
    • Fix protocol-relative URI parsing in the client
    • Remove the getClientId() and getState() methods from the Client class
  • Transport changes:
    • Add request-size limiting to all batching transports
    • Make the WebSocket transport more robust against quiet network periods and clients going to sleep
    • Support cookies across all transports when using the client on Node.js or Ruby
    • Support custom headers in the cross-origin-long-polling and server-side websocket transports
  • Adapter changes:
    • Support the rack.hijack streaming API
    • Migrate to MultiJson for JSON handling on Ruby, allowing use of JRuby
    • Escape U+2028 and U+2029 in JSON-P output
    • Fix a bug stopping requests being routed when the mount point is /
    • Fix various bugs that cause errors to be thrown if we try to send a message over a closed socket
    • Remove the listen() method from Adapter in favour of using server-specific APIs
  • Server changes:
    • Use cryptographically secure random number generators to create client IDs
    • Allow extensions to access request properties by using 3-ary methods
    • Objects supporting the bind() method now implement the full EventEmitter API
    • Stop the server from forwarding the clientId property of published messages
  • Miscellaneous:
    • Support Browserify by returning the client module
    • Faye.logger can now be a logger object rather than a function
jcoglan
published 0.8.9 •

Changelog

Source

0.8.9 / 2013-02-26

  • Specify ciphers for SSL on Node to mitigate the BEAST attack
  • Mitigate increased risk of socket hang-up errors in Node v0.8.20
  • Fix race condition when processing outgoing extensions in the Node server
  • Fix problem loading the client script when using {mount: '/'}
  • Clean up connection objects when a WebSocket is re-used with a new clientId
  • All JavaScript code now runs in strict mode
  • Select transport on handshake, instead of on client creation to allow time for disable() calls
  • Do not speculatively open WebSocket/EventSource connections if they are disabled
  • Gracefully handle WebSocket messages with no data on the client side
  • Close and reconnect WebSocket when onerror is fired, not just when onclose is fired
  • Fix problem with caching of EventSource connections with stale clientIds
  • Don't parse query strings when checking if a URL is same-origin or not
jcoglan
published 0.8.8 •

Changelog

Source

0.8.8 / 2013-01-10

  • Patch security hole allowing remote execution of arbitrary Server methods
jcoglan
published 0.7.2 •

Changelog

Source

0.7.2 / 2013-01-10

  • Patch security hole allowing remote execution of arbitrary Server methods
SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

Packages

npm

Stay in touch

Get open source security insights delivered straight into your inbox.


  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc