New Case Study:See how Anthropic automated 95% of dependency reviews with Socket.Learn More →
fi-aegis - npm Package Compare versions
Comparing version 1.0.1 to 1.0.2
@@ -1,4 +0,14 @@ | ||
| ##### v1.0.0 | ||
| #### v1.0.2 | ||
| * Multiple code optimizations (610fec5e44c2a97c1a3cfd03a59a08487be4b1bc). | ||
| #### v1.0.1 | ||
| * Updated documentation, license and package information (d8c031eb37edcb3cbffd0cd1be2267affddd9391). | ||
| #### v1.0.0 | ||
| * Initial stable release following lusca's v1.4.1. | ||
| * Minor optimizations and code refactoring. | ||
| * Minor optimizations and code refactoring. |
@@ -76,3 +76,3 @@ /** | ||
| if (typeof policy === 'object' && policy !== null) { | ||
| entries = Object.keys(policy).map(function (directive) { | ||
| entries = Object.keys(policy).map(directive => { | ||
| if (policy[directive] === 0 || policy[directive]) { | ||
@@ -79,0 +79,0 @@ directive += ' ' + policy[directive]; |
@@ -14,2 +14,3 @@ /** | ||
| var config = { | ||
| safeVerbs: ['OPTIONS', 'HEAD', 'GET'], | ||
| cookie: null, | ||
@@ -75,7 +76,7 @@ header: null, | ||
| /** | ||
| * Sets the CSRF token into the response. | ||
| * Regenerates the token if necessary and sets it in the response object. | ||
| * | ||
| * @returns {String} The CSRF token. | ||
| * @returns {String} The token. | ||
| */ | ||
| function csrfToken() { | ||
| req.csrfToken = () => { | ||
| var newCsrf = getCsrf(req, config.secret); | ||
@@ -92,11 +93,6 @@ | ||
| return csrf.token; | ||
| } | ||
| }; | ||
| req.csrfToken = csrfToken; | ||
| /* Move along for safe verbs */ | ||
| switch (req.method) { | ||
| case 'OPTIONS': | ||
| case 'HEAD': | ||
| case 'GET': | ||
| if (config.safeVerbs.indexOf(req.method) >= 0) { | ||
| return next(); | ||
@@ -103,0 +99,0 @@ } |
@@ -9,2 +9,4 @@ /** | ||
| const HEADER = 'strict-transport-security'; | ||
| var value; | ||
@@ -21,3 +23,3 @@ | ||
| if (value) { | ||
| res.header('strict-transport-security', value); | ||
| res.header(HEADER, value); | ||
| } | ||
@@ -24,0 +26,0 @@ |
@@ -9,2 +9,5 @@ /** | ||
| const HEADER = 'x-content-type-options'; | ||
| const VALUE = 'nosniff'; | ||
| module.exports = () => { | ||
@@ -20,3 +23,3 @@ | ||
| function middleware(req, res, next) { | ||
| res.header('x-content-type-options', 'nosniff'); | ||
| res.header(HEADER, VALUE); | ||
@@ -23,0 +26,0 @@ next(); |
@@ -11,2 +11,4 @@ /** | ||
| const HEADER = 'p3p'; | ||
| module.exports = value => { | ||
@@ -25,3 +27,3 @@ | ||
| if (value) { | ||
| res.header('p3p', value); | ||
| res.header(HEADER, value); | ||
| } | ||
@@ -28,0 +30,0 @@ |
@@ -9,2 +9,4 @@ /** | ||
| const HEADER = 'x-frame-options'; | ||
| var value; | ||
@@ -21,3 +23,3 @@ | ||
| if (value) { | ||
| res.header('x-frame-options', value); | ||
| res.header(HEADER, value); | ||
| } | ||
@@ -24,0 +26,0 @@ |
@@ -9,2 +9,4 @@ /** | ||
| const HEADER = 'x-xss-protection'; | ||
| var value; | ||
@@ -21,3 +23,3 @@ | ||
| if (value) { | ||
| res.header('x-xss-protection', value); | ||
| res.header(HEADER, value); | ||
| } | ||
@@ -24,0 +26,0 @@ |
| { | ||
| "name": "fi-aegis", | ||
| "version": "1.0.1", | ||
| "version": "1.0.2", | ||
| "description": "Web Application Security Middleware.", | ||
@@ -26,2 +26,3 @@ "author": "Jeff Harrell <jeharrell@paypal.com>", | ||
| "body-parser": "^1.6.3", | ||
| "chance": "^1.0.10", | ||
| "cookie-parser": "^1.3.2", | ||
@@ -28,0 +29,0 @@ "cookie-session": "^1.0.2", |
No alert changes
Improved metrics
- Total package byte prevSize
- increased by1.53%
25459
- Lines of code
- increased by0.61%
497
Worsened metrics
- Dev dependency count
- increased by11.11%
10
No dependency changes