2.5 KiB

Raw Blame History

1.8.3 / 2015-06-10

deps: cookie@0.1.3
- Slight optimizations

1.8.2 / 2015-05-09

deps: csrf@~3.0.0
- deps: uid-safe@~2.0.0

1.8.1 / 2015-05-03

deps: csrf@~2.0.7
- Fix compatibility with crypto.DEFAULT_ENCODING global changes

1.8.0 / 2015-04-07

Add sessionKey option

1.7.0 / 2015-02-15

Accept CSRF-Token and XSRF-Token request headers
Default cookie.path to '/', if using cookies
deps: cookie-signature@1.0.6
deps: csrf@~2.0.6
- deps: base64-url@1.2.1
- deps: uid-safe@~1.1.0
deps: http-errors@~1.3.1

Construct errors using defined constructors from createError
Fix error names that are not identifiers
Set a meaningful name property on constructed errors

1.6.6 / 2015-01-31

deps: csrf@~2.0.5
- deps: base64-url@1.2.0
- deps: uid-safe@~1.0.3

1.6.5 / 2015-01-08

deps: csrf@~2.0.4
- deps: uid-safe@~1.0.2

1.6.4 / 2014-12-30

deps: csrf@~2.0.3
- Slight speed improvement for verify
- deps: base64-url@1.1.0
- deps: rndm@~1.1.0
deps: http-errors@~1.2.8

Fix stack trace from exported function

1.6.3 / 2014-11-09

deps: csrf@~2.0.2
- deps: scmp@1.0.0
deps: http-errors@~1.2.7

Remove duplicate line

1.6.2 / 2014-10-14

Fix cookie name when using cookie: true
deps: http-errors@~1.2.6
- Fix expose to be true for ClientError constructor
- Use inherits instead of util
- deps: statuses@1

1.6.1 / 2014-09-05

deps: cookie-signature@1.0.5

1.6.0 / 2014-09-03

Set code property on CSRF token errors

1.5.0 / 2014-08-24

Add ignoreMethods option

1.4.1 / 2014-08-22

Use csrf-tokens instead of csrf

1.4.0 / 2014-07-30

Support changing req.session after csurf middleware
- Calling res.csrfToken() after req.session.destroy() will now work

1.3.0 / 2014-07-03

Add support for environments without res.cookie (connect@3)

1.2.2 / 2014-06-18

deps: csrf-tokens@~2.0.0

1.2.1 / 2014-06-09

Refactor to use csrf-tokens module

1.2.0 / 2014-05-13

Add support for double-submit cookie

1.1.0 / 2014-04-06

Add constant-time string compare