helmet - npm Package Versions

0.6.0 - 2015-01-21

Added

• You can disable csp for Android

Fixed

• csp on Chrome Mobile on Android and iOS

0.5.4 - 2014-12-21

Changed

• nocache should force revalidation

0.5.3 - 2014-12-08

Changed

• platform version in CSP and X-XSS-Protection

Fixed

• Updated bad wording in frameguard docs

0.5.2 - 2014-11-16

Changed

• Updated Connect version

Fixed

• Fixed minor csp bugfixes

0.5.1 - 2014-11-09

Changed

• Updated URLs in package.json for new URL

Fixed

• CSP would set all headers forever after receiving an unknown user agent

0.5.0 - 2014-10-28

Added

• Most middlewares have some aliases now

Changed

• xframe now called frameguard (though xframe still works)
• frameguard chooses sameorigin by default
• frameguard understands "SAME-ORIGIN" in addition to "SAMEORIGIN"
• nocache removed from default middleware stack
• Middleware split out into their own modules
• Documentation
• Updated supported Node version to at least 0.10.0
• Bumped Connect version

Removed

• Deprecation warnings

Fixed

• Readme link was broken

0.4.2 - 2014-10-16

Added

• Support preload in HSTS header

0.4.1 - 2014-08-24

Added

• Use helmet-crossdomain to test the waters
• 2 spaces instead of 4 throughout the code

0.4.0 - 2014-07-17

Added

• nocache now sets the Expires and Pragma headers
• nocache now allows you to crush ETags

Changed

• Improved the docs for nosniff
• Reverted HSTS behavior of requiring a specified max-age

Fixed

• Allow HSTS to have a max-age of 0

0.3.2 - 2014-06-30

Added

• All middleware functions are named
• Throw error with non-positive HSTS max-age

Changed

• Added semicolons in README
• Make some Errors more specific

Removed

• Removed all comment headers; refer to the readme

Fixed

• helmet() was having issues
• Fixed Syntax errors in README

This changelog was created after the release of 0.3.1.