Csurf Versions Save

CSRF token middleware

1.11.0

4 years ago

1.10.0

5 years ago

1.9.0

7 years ago
  • Pass invalid csrf token error to next() instead of throwing
  • Pass misconfigured error to next() instead of throwing
  • Provide misconfigured error when using cookies without cookie-parser
  • deps: [email protected]
    • Add sameSite option
    • Fix cookie Max-Age to never be a floating point number
    • Improve error message when expires is not a Date
    • Throw better error for invalid argument to parse
    • Throw on invalid values provided to serialize
    • perf: enable strict mode
    • perf: hoist regular expression
    • perf: use for loop in parse
    • perf: use string concatination for serialization
  • deps: csrf@~3.0.3
  • deps: http-errors@~1.5.0
    • Add HttpError export, for err instanceof createError.HttpError
    • Support new code 421 Misdirected Request
    • Use setprototypeof module to replace __proto__ setting
    • deps: [email protected]
    • deps: statuses@'>= 1.3.0 < 2'
    • perf: enable strict mode
  • perf: enable strict mode
  • perf: remove argument reassignment

1.8.3

8 years ago

1.8.2

9 years ago
  • deps: csrf@~3.0.0
    • deps: uid-safe@~2.0.0

1.8.1

9 years ago
  • deps: csrf@~2.0.7
    • Fix compatibility with crypto.DEFAULT_ENCODING global changes

1.8.0

9 years ago
  • Add sessionKey option

1.7.0

9 years ago
  • Accept CSRF-Token and XSRF-Token request headers
  • Default cookie.path to '/', if using cookies
  • deps: [email protected]
  • deps: csrf@~2.0.6
  • deps: http-errors@~1.3.1
    • Construct errors using defined constructors from createError
    • Fix error names that are not identifiers
    • Set a meaningful name property on constructed errors