Releases · expressjs/csurf · GitHub

This repository was archived by the owner on May 14, 2025. It is now read-only.

19 Jan 04:28

dougwilson

1.11.0 Latest

Latest

deps: cookie@0.4.0
- Add SameSite=None support
deps: http-errors@~1.7.3
- deps: inherits@2.0.4

Assets 2

23 Apr 01:32

dougwilson

1.10.0

deps: csrf@3.1.0
- Remove base64-url dependency
- deps: tsscmp@1.0.6
- deps: uid-safe@2.1.5
deps: http-errors@~1.7.2
- Make message property enumerable for HttpErrors
- Set constructor name when possible
- deps: depd@~1.1.2
- deps: inherits@2.0.3
- deps: setprototypeof@1.1.1
- deps: statuses@'>= 1.5.0 < 2'
perf: remove argument reassignment
perf: use plain object for internal cookie options

Assets 2

27 Mar 04:28

dougwilson

1.9.0

Pass invalid csrf token error to next() instead of throwing
Pass misconfigured error to next() instead of throwing
Provide misconfigured error when using cookies without cookie-parser
deps: cookie@0.3.1
- Add sameSite option
- Fix cookie Max-Age to never be a floating point number
- Improve error message when expires is not a Date
- Throw better error for invalid argument to parse
- Throw on invalid values provided to serialize
- perf: enable strict mode
- perf: hoist regular expression
- perf: use for loop in parse
- perf: use string concatination for serialization
deps: csrf@~3.0.3
- Use tsscmp module for timing-safe token verification
- deps: base64-url@1.2.2
- deps: rndm@1.2.0
- deps: uid-safe@2.1.1
deps: http-errors@~1.5.0
- Add HttpError export, for err instanceof createError.HttpError
- Support new code 421 Misdirected Request
- Use setprototypeof module to replace __proto__ setting
- deps: inherits@2.0.1
- deps: statuses@'>= 1.3.0 < 2'
- perf: enable strict mode
perf: enable strict mode
perf: remove argument reassignment

Assets 2

11 Jun 01:20

dougwilson

1.8.3

deps: cookie@0.1.3
- Slight optimizations

Assets 2

10 May 03:40

dougwilson

1.8.2

deps: csrf@~3.0.0
- deps: uid-safe@~2.0.0

Assets 2

10 May 03:40

dougwilson

1.8.1

deps: csrf@~2.0.7
- Fix compatibility with crypto.DEFAULT_ENCODING global changes

Assets 2

08 Apr 03:17

dougwilson

1.8.0

Add sessionKey option

Assets 2

15 Feb 23:11

dougwilson

1.7.0

Accept CSRF-Token and XSRF-Token request headers
Default cookie.path to '/', if using cookies
deps: cookie-signature@1.0.6
deps: csrf@~2.0.6
- deps: base64-url@1.2.1
- deps: uid-safe@~1.1.0
deps: http-errors@~1.3.1
- Construct errors using defined constructors from createError
- Fix error names that are not identifiers
- Set a meaningful name property on constructed errors

Assets 2