finalhandler
Advanced tools
Comparing version 0.5.1 to 1.0.0
@@ -0,1 +1,16 @@ | ||
| 1.0.0 / 2017-02-15 | ||
| ================== | ||
| * Fix exception when `err` cannot be converted to a string | ||
| * Fully URL-encode the pathname in the 404 message | ||
| * Only include the pathname in the 404 message | ||
| * Send complete HTML document | ||
| * Set `Content-Security-Policy: default-src 'self'` header | ||
| * deps: debug@2.6.1 | ||
| - Allow colors in workers | ||
| - Deprecated `DEBUG_FD` environment variable set to `3` or higher | ||
| - Fix error when running under React Native | ||
| - Use same color for same namespace | ||
| - deps: ms@0.7.2 | ||
| 0.5.1 / 2016-11-12 | ||
@@ -2,0 +17,0 @@ ================== |
76
index.js
| /*! | ||
| * finalhandler | ||
| * Copyright(c) 2014-2016 Douglas Christopher Wilson | ||
| * Copyright(c) 2014-2017 Douglas Christopher Wilson | ||
| * MIT Licensed | ||
@@ -15,4 +15,6 @@ */ | ||
| var debug = require('debug')('finalhandler') | ||
| var encodeUrl = require('encodeurl') | ||
| var escapeHtml = require('escape-html') | ||
| var onFinished = require('on-finished') | ||
| var parseUrl = require('parseurl') | ||
| var statuses = require('statuses') | ||
@@ -36,2 +38,25 @@ var unpipe = require('unpipe') | ||
| /** | ||
| * Create a minimal HTML document. | ||
| * | ||
| * @param {string} message | ||
| * @private | ||
| */ | ||
| function createHtmlDocument (message) { | ||
| var body = escapeHtml(message) | ||
| .replace(NEWLINE_REGEXP, '<br>') | ||
| .replace(DOUBLE_SPACE_REGEXP, ' ') | ||
| return '<!DOCTYPE html>\n' + | ||
| '<html lang="en">\n' + | ||
| '<head>\n' + | ||
| '<meta charset="utf-8">\n' + | ||
| '<title>Error</title>\n' + | ||
| '</head>\n' + | ||
| '<body>\n' + | ||
| '<pre>' + body + '</pre>\n' + | ||
| '</body>\n' | ||
| } | ||
| /** | ||
| * Module exports. | ||
@@ -64,2 +89,3 @@ * @public | ||
| var headers | ||
| var msg | ||
| var status | ||
@@ -88,12 +114,8 @@ | ||
| // production gets a basic error message | ||
| var msg = env === 'production' | ||
| ? statuses[status] | ||
| : err.stack || err.toString() | ||
| msg = escapeHtml(msg) | ||
| .replace(NEWLINE_REGEXP, '<br>') | ||
| .replace(DOUBLE_SPACE_REGEXP, ' ') + '\n' | ||
| // get error message | ||
| msg = getErrorMessage(err, status, env) | ||
| } else { | ||
| // not found | ||
| status = 404 | ||
| msg = 'Cannot ' + escapeHtml(req.method) + ' ' + escapeHtml(req.originalUrl || req.url) + '\n' | ||
| msg = 'Cannot ' + req.method + ' ' + encodeUrl(parseUrl.original(req).pathname) | ||
| } | ||
@@ -145,2 +167,28 @@ | ||
| /** | ||
| * Get message from Error object, fallback to status message. | ||
| * | ||
| * @param {Error} err | ||
| * @param {number} status | ||
| * @param {string} env | ||
| * @return {string} | ||
| * @private | ||
| */ | ||
| function getErrorMessage (err, status, env) { | ||
| var msg | ||
| if (env !== 'production') { | ||
| // use err.stack, which typically includes err.message | ||
| msg = err.stack | ||
| // fallback to err.toString() when possible | ||
| if (!msg && typeof err.toString === 'function') { | ||
| msg = err.toString() | ||
| } | ||
| } | ||
| return msg || statuses[status] | ||
| } | ||
| /** | ||
| * Get status code from Error object. | ||
@@ -193,8 +241,11 @@ * | ||
| * @param {object} headers | ||
| * @param {string} body | ||
| * @param {string} message | ||
| * @private | ||
| */ | ||
| function send (req, res, status, headers, body) { | ||
| function send (req, res, status, headers, message) { | ||
| function write () { | ||
| // response body | ||
| var body = createHtmlDocument(message) | ||
| // response status | ||
@@ -207,3 +258,4 @@ res.statusCode = status | ||
| // security header for content sniffing | ||
| // security headers | ||
| res.setHeader('Content-Security-Policy', "default-src 'self'") | ||
| res.setHeader('X-Content-Type-Options', 'nosniff') | ||
@@ -210,0 +262,0 @@ |
| { | ||
| "name": "finalhandler", | ||
| "description": "Node.js final http responder", | ||
| "version": "0.5.1", | ||
| "version": "1.0.0", | ||
| "author": "Douglas Christopher Wilson <doug@somethingdoug.com>", | ||
@@ -9,5 +9,7 @@ "license": "MIT", | ||
| "dependencies": { | ||
| "debug": "~2.2.0", | ||
| "debug": "2.6.1", | ||
| "encodeurl": "~1.0.1", | ||
| "escape-html": "~1.0.3", | ||
| "on-finished": "~2.3.0", | ||
| "parseurl": "~1.3.1", | ||
| "statuses": "~1.3.1", | ||
@@ -17,3 +19,3 @@ "unpipe": "~1.0.0" | ||
| "devDependencies": { | ||
| "eslint": "3.10.0", | ||
| "eslint": "3.15.0", | ||
| "eslint-config-standard": "6.2.1", | ||
@@ -20,0 +22,0 @@ "eslint-plugin-markdown": "1.0.0-beta.3", |
Sorry, the diff of this file is not supported yet
New alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
Fixed alerts
Environment variable access
Supply chain riskPackage accesses environment variables, which may be a sign of credential stuffing or data theft.
Found 1 instance in 1 package
No v1
QualityPackage is not semver >=1. This means it is not stable and does not support ^ ranges.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by11.46%
15301
- Lines of code
- increased by21.61%
242
- Number of low quality alerts
- decreased by-100%
0
- Number of low supply chain risk alerts
- decreased by-50%
1
Worsened metrics
- Dependency count
- increased by40%
7
Dependency changes
+ Addedencodeurl@~1.0.1
+ Addedparseurl@~1.3.1
+ Addeddebug@2.6.1(transitive)
+ Addedencodeurl@1.0.2(transitive)
+ Addedms@0.7.2(transitive)
+ Addedparseurl@1.3.3(transitive)
- Removeddebug@2.2.0(transitive)
- Removedms@0.7.1(transitive)
Updateddebug@2.6.1