Closed: runk closed this issue 10 years ago
The next version should be released this week. It has a slightly different CSRF implementation (drops connect's and instead allows for an overridable implementation), so it will likely be 1.0 now that the API is more mature.
I'll keep this open and comment back once I publish it.
Thanks for the update :+1:
v1.0.0 was just published.
It should be a drop-in replacement unless you were using any of the CSRF methods from express outside of just reading the token and passing it along (this shouldn't be common).
Thanks!
Just a small thing - the xssProtection method is slightly inconsistent with others such as p3p, csrf, etc. Shouldn't it be just xss?
Yes, I was torn with the naming on that as well, but ultimately it accurately reflects the name of the header, e.g.:
CSP - csp()
CSRF - csrf()
...
XSS-PROTECTION - xssProtection()
Sorry for the terrible name =). I just thought that xss wasn't descriptive enough. Lots of these options help protect from XSS, so it's weird to name it xss... although xssProtection isn't much better.
Another thing. https://github.com/paypal/lusca/blob/master/package.json has version 0.1.2 but in the npm registry the version is 1.0.0 :/
Oh, cache strikes. My apologies!
When are you planning to release the next version? Any estimates?