
hapi - npm Package Compare versions

Comparing version 16.5.2 to 16.6.0

lib/security.js

3

lib/defaults.js

@@ -45,3 +45,4 @@ 'use strict';

space: null,
suffix: null
suffix: null,
escape: false
},

@@ -48,0 +49,0 @@ log: false, // Enables request level log collection
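Review bot: The new `escape: false` entry has no comment, and because it defaults to off, routes get no JSON escaping after upgrading unless they set it explicitly. A trailing comment in the style of the neighbouring `log` line would make that visible, e.g. `escape: false // Opt-in: when true, JSON payloads are passed through Hoek.escapeJson()`. The enclosing object starts and ends outside the hunk.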

@@ -5,2 +5,3 @@ 'use strict';

const Hoek = require('hoek');
const Topo = require('topo');

@@ -73,1 +74,27 @@

};
internals.Ext.combine = function (route, type) {
const ext = new internals.Ext(type, route.server);
const events = route.settings.ext[type];
if (events) {
for (let i = 0; i < events.length; ++i) {
const event = Hoek.shallow(events[i]);
Hoek.assert(!event.options.sandbox, 'Cannot specify sandbox option for route extension');
event.plugin = route.plugin;
ext.add(event);
}
}
const connection = route.connection._extensions[type];
const realm = route.plugin.realm._extensions[type];
ext.merge([connection, realm]);
connection.subscribe(route);
realm.subscribe(route);
return ext;
};

@@ -136,6 +136,3 @@ 'use strict';

this.raw = {
req,
res
};
this.raw = { req, res };

@@ -142,0 +139,0 @@ this.tail = this.addTail = this._addTail; // Removed once wagging

@@ -326,2 +326,10 @@ 'use strict';

internals.Response.prototype.escape = function (escape) {
this.settings.stringify = this.settings.stringify || {};
this.settings.stringify.escape = escape;
return this;
};
internals.Response.prototype.passThrough = function (enabled) {

@@ -587,2 +595,3 @@

const suffix = options.suffix || this.request.route.settings.json.suffix || '';
const escape = this.request.route.settings.json.escape || false;
try {

@@ -603,2 +612,6 @@ if (replacer || space) {

}
if (escape) {
payload = Hoek.escapeJson(payload);
}
}

@@ -605,0 +618,0 @@ else if (this.settings.stringify) {
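Review bot: The value stored by the new `response.escape()` setter does not appear to be read. The setter writes `this.settings.stringify.escape`, but the added line in the `-587` hunk takes `escape` only from `this.request.route.settings.json.escape`, unlike `suffix` on the line above it, which checks `options.suffix` first. If `options` is the per-response stringify settings (its assignment is outside the hunk), a handler that calls `response.escape(true)` on a route without `json.escape` would still send unescaped JSON. Consider `const escape = options.escape !== undefined ? options.escape : this.request.route.settings.json.escape;` so the per-response setting takes effect and can also be turned off explicitly.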

@@ -11,3 +11,2 @@ 'use strict';

const Cors = require('./cors');
const Defaults = require('./defaults');
const Ext = require('./ext');

@@ -17,2 +16,3 @@ const Handler = require('./handler');

const Schema = require('./schema');
const Security = require('./security');
const Streams = require('./streams');

@@ -150,6 +150,2 @@

else {
if (this.settings.payload.allow) {
this.settings.payload.allow = [].concat(this.settings.payload.allow);
}
this.settings.payload.decoders = this.connection._compression._decoders; // Reference the shared object to keep up to date

@@ -181,45 +177,4 @@ }

if (this.settings.security) {
this.settings.security = Hoek.applyToDefaults(Defaults.security, this.settings.security);
this.settings.security = Security.route(this.settings.security);
const security = this.settings.security;
if (security.hsts) {
if (security.hsts === true) {
security._hsts = 'max-age=15768000';
}
else if (typeof security.hsts === 'number') {
security._hsts = 'max-age=' + security.hsts;
}
else {
security._hsts = 'max-age=' + (security.hsts.maxAge || 15768000);
if (security.hsts.includeSubdomains || security.hsts.includeSubDomains) {
security._hsts = security._hsts + '; includeSubDomains';
}
if (security.hsts.preload) {
security._hsts = security._hsts + '; preload';
}
}
}
if (security.xframe) {
if (security.xframe === true) {
security._xframe = 'DENY';
}
else if (typeof security.xframe === 'string') {
security._xframe = security.xframe.toUpperCase();
}
else if (security.xframe.rule === 'allow-from') {
if (!security.xframe.source) {
security._xframe = 'SAMEORIGIN';
}
else {
security._xframe = 'ALLOW-FROM ' + security.xframe.source;
}
}
else {
security._xframe = security.xframe.rule.toUpperCase();
}
}
}
// Handler

@@ -233,3 +188,3 @@

this._extensions = {
onPreResponse: this._combineExtensions('onPreResponse')
onPreResponse: Ext.combine(this, 'onPreResponse')
};

@@ -242,6 +197,6 @@

this._extensions.onPreAuth = this._combineExtensions('onPreAuth');
this._extensions.onPostAuth = this._combineExtensions('onPostAuth');
this._extensions.onPreHandler = this._combineExtensions('onPreHandler');
this._extensions.onPostHandler = this._combineExtensions('onPostHandler');
this._extensions.onPreAuth = Ext.combine(this, 'onPreAuth');
this._extensions.onPostAuth = Ext.combine(this, 'onPostAuth');
this._extensions.onPreHandler = Ext.combine(this, 'onPreHandler');
this._extensions.onPostHandler = Ext.combine(this, 'onPostHandler');

@@ -252,28 +207,2 @@ this.rebuild();

internals.Route.prototype._combineExtensions = function (type, subscribe) {
const ext = new Ext(type, this.server);
const events = this.settings.ext[type];
if (events) {
for (let i = 0; i < events.length; ++i) {
const event = Hoek.shallow(events[i]);
Hoek.assert(!event.options.sandbox, 'Cannot specify sandbox option for route extension');
event.plugin = this.plugin;
ext.add(event);
}
}
const connection = this.connection._extensions[type];
const realm = this.plugin.realm._extensions[type];
ext.merge([connection, realm]);
connection.subscribe(this);
realm.subscribe(this);
return ext;
};
internals.Route.prototype.rebuild = function (event) {

@@ -280,0 +209,0 @@
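Review bot: The HSTS and X-Frame-Options derivation deleted here is replaced by a single call, `this.settings.security = Security.route(this.settings.security);`, and the body of `lib/security.js` is not shown on this page. Nothing visible therefore confirms that defaults are still applied (the `Defaults` require is also dropped) or that `_hsts` and `_xframe` are computed as before. The same applies to `Security.headers(response)` in the later section that requires `./response` and `./security`, where the removed code set each header with `{ override: false }`. A short comment at the call site would help, e.g. `// Applies security defaults and precomputes the header values` — presumably what the helper does; confirm against lib/security.js.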

@@ -97,3 +97,4 @@ 'use strict';

space: Joi.number().allow(null),
suffix: Joi.string().allow(null)
suffix: Joi.string().allow(null),
escape: Joi.boolean().default(false)
}),

@@ -109,6 +110,3 @@ jsonp: Joi.string(),

.allow(false),
allow: [
Joi.string(),
Joi.array()
],
allow: Joi.array().items(Joi.string()).single(),
override: Joi.string(),

@@ -115,0 +113,0 @@ maxBytes: Joi.number().integer().positive(),
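Review bot: The new `allow: Joi.array().items(Joi.string()).single()` is stricter than the alternatives it replaces. The old `Joi.array()` put no constraint on item types, so a route config that previously validated with non-string items should now be rejected. That is the safer behaviour, but it is a validation change in a minor release and deserves a changelog line. This rule is also now the only place a lone string is wrapped into an array, since the `[].concat(this.settings.payload.allow)` normalisation is removed in the route section. A comment such as `// .single() wraps a lone string; route code relies on allow being an array` would record that dependency.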

@@ -15,2 +15,3 @@ 'use strict';

const Response = require('./response');
const Security = require('./security');

@@ -56,3 +57,3 @@

internals.content(response, false);
internals.security(response);
Security.headers(response);
internals.unmodified(response);

@@ -335,2 +336,6 @@

if (response.settings.message) {
res.statusMessage = response.settings.message;
}
try {

@@ -343,6 +348,2 @@ res.writeHead(response.statusCode);

if (response.settings.message) {
res.statusMessage = response.settings.message;
}
return null;

@@ -391,31 +392,2 @@ };

internals.security = function (response) {
const request = response.request;
const security = request.route.settings.security;
if (security) {
if (security._hsts) {
response._header('strict-transport-security', security._hsts, { override: false });
}
if (security._xframe) {
response._header('x-frame-options', security._xframe, { override: false });
}
if (security.xss) {
response._header('x-xss-protection', '1; mode=block', { override: false });
}
if (security.noOpen) {
response._header('x-download-options', 'noopen', { override: false });
}
if (security.noSniff) {
response._header('x-content-type-options', 'nosniff', { override: false });
}
}
};
internals.content = function (response, postMarshal) {

@@ -422,0 +394,0 @@
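Review bot: The block that sets `res.statusMessage` now runs before the `try` that follows it, and nothing in the code says why the order matters. Node only uses `res.statusMessage` if it is set before `writeHead()` is called without a message argument, so a comment like `// Must be set before writeHead() or the custom message is ignored` would stop it from being moved back. Since the value is written into the HTTP status line, it should only ever come from server-side code, not from request data. The enclosing function starts and ends outside the hunk.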

@@ -5,3 +5,3 @@ {

"homepage": "http://hapijs.com",
"version": "16.5.2",
"version": "16.6.0",
"repository": {

@@ -8,0 +8,0 @@ "type": "git",
