why deprecate csrf@2 - Githubissues

koajs / csrf

CSRF tokens for koa

MIT License

264 stars 32 forks source link

why deprecate csrf@2 #28

Closed dead-horse closed 8 years ago

dead-horse commented 8 years ago

koa-csrf@2.5.0 deprecate: If you are using Koa v3.x, please make sure you are on at least 3.0.3 due to CSRF session reset issue (prevents XHR from working properly for example)

is this a mistake?

shaoshuai0102 commented 8 years ago

same question here

niftylettuce commented 8 years ago

Ah I forgot to make it > 3 and < 3.0.3. I can fix.

niftylettuce commented 8 years ago

I went ahead and removed the deprecation notice. I'm not sure how to write this... npm deprecate koa-csrf@"<3.0.3&>=3.0.0"... do either of you @dead-horse @shaoshuai0102?

niftylettuce commented 8 years ago

cc @jonathanong how do you write a deprecation notice between two versions? I'm not sure how.

ngot commented 8 years ago

How about this now？

atian25 commented 8 years ago

@niftylettuce any progress?

niftylettuce commented 8 years ago

no progress, I don't know how to do it, other than if we add a Readme notice

luckydrq commented 8 years ago

Sorry, but what does the CSRF session reset issue refer to?