Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More
Socket
Sign inDemoInstall
Socket
Sign inDemoInstall

tough-cookie

Package Overview
Dependencies
Maintainers
1
Versions
49
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

tough-cookie - npm Package Compare versions

Comparing version 0.9.3 to 0.9.4

lib/.cookie.js.swn

11

lib/cookie.js

@@ -703,4 +703,3 @@ /*

// S5.3 step 3: NOOP; persistent-flag and expiry-time are handled by
// isPersistent() and TTL(), respectively
// S5.3 step 3: NOOP; persistent-flag and expiry-time is handled by getCookie()

@@ -738,2 +737,5 @@ // S5.3 step 4: NOOP; domain is null by default

cookie.pathIsDefault = true;
} else {
if (cookie.path.length > 1 && cookie.path.substr(-1) == '/')
cookie.path = cookie.path.slice(0,-1);
}

@@ -792,2 +794,4 @@

var now = options.now || Date.now();
var expireCheck = options.expire !== false;
console.log(expireCheck);
var store = this.store;

@@ -823,3 +827,4 @@

// deferred from S5.3
if (c.expiryTime() <= now) {
// non-RFC: allow retention of expired cookies by choice
if (expireCheck && c.expiryTime() <= now) {
store.removeCookie(c.domain, c.path, c.key, function(){}); // result ignored

@@ -826,0 +831,0 @@ return false;

12

lib/memstore.js
var tough = require('./cookie');
var permuteDomain = tough.permuteDomain;
var permutePath = tough.permutePath;
var util = require('util');

@@ -11,2 +12,7 @@ function MemoryCookieStore() {

// force a default depth:
MemoryCookieStore.prototype.inspect = function inspect() {
return "{ idx: "+util.inspect(this.idx, false, 2)+' }';
};
MemoryCookieStore.prototype.findCookie = function findCookie(domain, path, key, cb) {

@@ -20,5 +26,7 @@ if (!this.idx[domain]) return cb(null,undefined);

var results = [];
var domains = permuteDomain(domain), dlen = domains.length;
if (!domain || !path) return cb(null,[]);
var domains = permuteDomain(domain)||[domain], dlen = domains.length;
var paths = permutePath(path), plen = paths.length;
var i,j;
for (var i=0; i<dlen; i++) {

@@ -25,0 +33,0 @@ var curDomain = domains[i];

2

package.json

@@ -6,3 +6,3 @@ {

"keywords": "HTTP cookie cookies set-cookie cookiejar jar RFC6265 RFC2965",
"version": "0.9.3",
"version": "0.9.4",
"homepage": "https://github.com/goinstant/node-cookie",

@@ -9,0 +9,0 @@ "repository": {

15

README.md

@@ -234,8 +234,12 @@ [RFC6265](http://tools.ietf.org/html/rfc6265) Cookies and CookieJar for Node.js

The `options` object can be omitted. Options are:
The `options` object can be omitted and can have the following properties:
* _http_ - boolean - default `true` - indicates if this is an HTTP or non-HTTP API. Affects HttpOnly cookies.
* _secure_ - boolean - autodetect from url - indicates if this is a "Secure" API. If the currentUrl starts with `https:` or `wss:` then this is defaulted to `true`, otherwise `false`.
* _now_ - Date - default `new Date()` - what to use for the creation/access time of cookies
* _strict_ - boolean - default `false` - perform extra checks
* _ignoreError_ - boolean - default `false` - silently ignore things like parse errors and invalid domains. CookieStore errors aren't ignored by this option.
As per the RFC, the `.hostOnly` property is set if there was no "Domain=" parameter in the cookie string (or `.domain` was null on the Cookie object). The `.domain` property is set to the fully-qualified hostname of `currentUrl` in this case. Matching this cookie requires an exact hostname match (not a `domainMatch` as per usual).
.storeCookie(cookie, [{options},] cb(err,cookie))

@@ -253,4 +257,9 @@ -------------------------------------------------

The `options` object can be omitted. If the url starts with `https:` or `wss:` then `{secure:true}` is implied for the options. Disable this by passing `{secure:false}`. If you want to simulate a non-HTTP API, pass the option `{http:false}`, otherwise it defaults to `true`.
The `options` object can be omitted and can have the following properties:
* _http_ - boolean - default `true` - indicates if this is an HTTP or non-HTTP API. Affects HttpOnly cookies.
* _secure_ - boolean - autodetect from url - indicates if this is a "Secure" API. If the currentUrl starts with `https:` or `wss:` then this is defaulted to `true`, otherwise `false`.
* _now_ - Date - default `new Date()` - what to use for the creation/access time of cookies
* _expire_ - boolean - default `true` - perform expiry-time checking of cookies and asynchronously remove expired cookies from the store. Using `false` will return expired cookies and **not** remove them from the store (which is useful for replaying Set-Cookie headers, potentially).
The `.lastAccessed` property of the returned cookies will have been updated.

@@ -257,0 +266,0 @@

73

test.js

@@ -546,6 +546,6 @@ /*

assert.strictEqual(c.path, null);
cj.setCookie(c, 'http://example.com/dir/index.html', this.callback);
cj.setCookie(c, 'http://www.example.com/dir/index.html', this.callback);
},
"works": function(c) { assert.instanceOf(c,Cookie) },
"gets the domain": function(c) { assert.equal(c.domain, 'example.com') },
"gets the domain": function(c) { assert.equal(c.domain, 'www.example.com') },
"gets the default path": function(c) { assert.equal(c.path, '/dir') },

@@ -721,2 +721,11 @@ "is 'hostOnly'": function(c) { assert.ok(c.hostOnly) },

},
"then retrieving for http://www.example.com/": {
topic: function(cj,results) {
cj.getCookies('http://www.example.com/foo/bar',this.callback);
},
"get a bunch of cookies": function(cookies) {
var names = cookies.map(function(c) {return c.key});
assert.deepEqual(names, ['d','a','b']); // note lack of 'e'
},
},
},

@@ -922,2 +931,62 @@ "Repeated names": {

}
}).addBatch({
"Issue 1": {
topic: function() {
var cj = new CookieJar();
cj.setCookie('hello=world; path=/some/path/', 'http://domain/some/path/file', function(err,cookie) {
this.callback(err,{cj:cj, cookie:cookie});
}.bind(this));
},
"stored a cookie": function(t) {
assert.ok(t.cookie);
},
"cookie's path was modified to remove unnecessary slash": function(t) {
assert.equal(t.cookie.path, '/some/path');
},
"getting it back": {
topic: function(t) {
t.cj.getCookies('http://domain/some/path/file', function(err,cookies) {
this.callback(err, {cj:t.cj, cookies:cookies||[]});
}.bind(this));
},
"got one cookie": function(t) {
assert.length(t.cookies, 1);
},
"it's the right one": function(t) {
var c = t.cookies[0];
assert.equal(c.key, 'hello');
assert.equal(c.value, 'world');
},
}
}
}).addBatch({
"expiry option": {
topic: function() {
var cb = this.callback;
var cj = new CookieJar();
cj.setCookie('near=expiry; Domain=example.com; Path=/; Max-Age=1','http://www.example.com',at(-1), function(err,cookie) {
cb(err, {cj:cj, cookie:cookie});
});
},
"set the cookie": function(t) {
assert.ok(t.cookie, "didn't set?!");
assert.equal(t.cookie.key, 'near');
},
"then, retrieving": {
topic: function(t) {
var cb = this.callback;
setTimeout(function() {
t.cj.getCookies('http://www.example.com', {http:true, expire:false}, function(err,cookies) {
t.cookies = cookies;
cb(err,t);
});
},2000);
},
"got the cookie": function(t) {
assert.length(t.cookies, 1);
assert.equal(t.cookies[0].key, 'near');
},
}
}
}).export(module);
lib/.cookie.js.swo

Sorry, the diff of this file is not supported yet

SocketSocket SOC 2 Logo

Product

  • Package Alerts
  • Integrations
  • Docs
  • Pricing
  • FAQ
  • Roadmap
  • Changelog

About

Packages

npm

Go

Maven

PyPI

Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc