krakenjs / lusca

Application security for express apps.

0.1.2 release #19

Closed runk closed 10 years ago

runk commented 10 years ago

When are you planning to release the next version? Any estimates?

jeffharrell commented 10 years ago

The next version should be released this week. It has a slightly different CSRF implementation (drops connect's and instead allows for an overridable implementation), so it will likely be 1.0 now that the API is more mature.

jeffharrell commented 10 years ago

I'll keep this open and comment back once I publish it.

runk commented 10 years ago

Thanks for the update :+1:

jeffharrell commented 10 years ago

v1.0.0 was just published.

It should be a drop-in replacement unless you were using any of the CSRF methods from express outside of just reading the token and passing it along (this shouldn't be common).

runk commented 10 years ago

Thanks!

Just a small thing - the xssProtection method is slightly inconsistent with the others such as p3p, csrf etc. Shouldn't it be just xss?

jeffharrell commented 10 years ago

Yes, I was torn with the naming on that as well, but ultimately it accurately reflects the name of the header, e.g.:

CSP - csp()
CSRF - csrf()
...
XSS-PROTECTION - xssProtection()

mstuart commented 10 years ago

Sorry for the terrible name =). I just thought that xss wasn't descriptive enough. Lots of these options help protect from XSS, so it's weird to name it xss... although xssProtection isn't much better.

runk commented 10 years ago

Another thing. https://github.com/paypal/lusca/blob/master/package.json has version 0.1.2, but in the npm registry the version is 1.0.0 :/

runk commented 10 years ago

Oh, cache strikes. My apologies!