This repository has been archived by the owner on Sep 14, 2022. It is now read-only.

Releases: expressjs/csurf

1.11.0

19 Jan 04:28
  • deps: cookie@0.4.0
    • Add SameSite=None support
  • deps: http-errors@~1.7.3
    • deps: inherits@2.0.4

1.10.0

23 Apr 01:32
  • deps: csrf@3.1.0
    • Remove base64-url dependency
    • deps: tsscmp@1.0.6
    • deps: uid-safe@2.1.5
  • deps: http-errors@~1.7.2
    • Make message property enumerable for HttpErrors
    • Set constructor name when possible
    • deps: depd@~1.1.2
    • deps: inherits@2.0.3
    • deps: setprototypeof@1.1.1
    • deps: statuses@'>= 1.5.0 < 2'
  • perf: remove argument reassignment
  • perf: use plain object for internal cookie options

1.9.0

27 Mar 04:28
  • Pass invalid csrf token error to next() instead of throwing
  • Pass misconfigured error to next() instead of throwing
  • Provide misconfigured error when using cookies without cookie-parser
  • deps: cookie@0.3.1
    • Add sameSite option
    • Fix cookie Max-Age to never be a floating point number
    • Improve error message when expires is not a Date
    • Throw better error for invalid argument to parse
    • Throw on invalid values provided to serialize
    • perf: enable strict mode
    • perf: hoist regular expression
    • perf: use for loop in parse
    • perf: use string concatenation for serialization
  • deps: csrf@~3.0.3
    • Use tsscmp module for timing-safe token verification
    • deps: base64-url@1.2.2
    • deps: rndm@1.2.0
    • deps: uid-safe@2.1.1
  • deps: http-errors@~1.5.0
    • Add HttpError export, for err instanceof createError.HttpError
    • Support new code 421 Misdirected Request
    • Use setprototypeof module to replace __proto__ setting
    • deps: inherits@2.0.1
    • deps: statuses@'>= 1.3.0 < 2'
    • perf: enable strict mode
  • perf: enable strict mode
  • perf: remove argument reassignment

1.8.3

11 Jun 01:20
  • deps: cookie@0.1.3
    • Slight optimizations

1.8.2

10 May 03:40
  • deps: csrf@~3.0.0
    • deps: uid-safe@~2.0.0

1.8.1

10 May 03:40
  • deps: csrf@~2.0.7
    • Fix compatibility with crypto.DEFAULT_ENCODING global changes

1.8.0

08 Apr 03:17
  • Add sessionKey option

1.7.0

15 Feb 23:11
  • Accept CSRF-Token and XSRF-Token request headers
  • Default cookie.path to '/', if using cookies
  • deps: cookie-signature@1.0.6
  • deps: csrf@~2.0.6
    • deps: base64-url@1.2.1
    • deps: uid-safe@~1.1.0
  • deps: http-errors@~1.3.1
    • Construct errors using defined constructors from createError
    • Fix error names that are not identifiers
    • Set a meaningful name property on constructed errors