├── test ├── support │ └── env.js ├── app.listen.js ├── fqdn.js ├── server.js └── mounting.js ├── .gitignore ├── .travis.yml ├── LICENSE ├── package.json ├── index.js ├── README.md └── HISTORY.md /test/support/env.js: -------------------------------------------------------------------------------- 1 | 2 | process.env.NODE_ENV = 'test'; 3 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | coverage/ 2 | .DS_Store 3 | pids 4 | logs 5 | results 6 | *.pid 7 | *.gz 8 | *.log 9 | test/fixtures/foo.bar.baz.css 10 | test/fixtures/style.css 11 | test/fixtures/script.js 12 | test.js 13 | docs/*.html 14 | docs/*.json 15 | node_modules 16 | .idea 17 | *.iml 18 | -------------------------------------------------------------------------------- /test/app.listen.js: -------------------------------------------------------------------------------- 1 | 2 | var connect = require('..'); 3 | var request = require('supertest'); 4 | 5 | describe('app.listen()', function(){ 6 | it('should wrap in an http.Server', function(done){ 7 | var app = connect(); 8 | 9 | app.use(function(req, res){ 10 | res.end(); 11 | }); 12 | 13 | app.listen(0, function(){ 14 | request(app) 15 | .get('/') 16 | .expect(200, done); 17 | }); 18 | }); 19 | }); 20 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: node_js 2 | node_js: 3 | - "0.10" 4 | - "0.12" 5 | - "1.8" 6 | - "2.5" 7 | - "3.3" 8 | - "4.8" 9 | - "5.12" 10 | - "6.10" 11 | - "7.9" 12 | sudo: false 13 | cache: 14 | directories: 15 | - node_modules 16 | before_install: 17 | - "test ! -d node_modules || npm prune" 18 | - "test ! -d node_modules || npm rebuild" 19 | script: 20 | - "npm run-script test-travis" 21 | after_script: 22 | - "npm install coveralls@2 && cat ./coverage/lcov.info | coveralls" 23 | -------------------------------------------------------------------------------- /LICENSE: -------------------------------------------------------------------------------- 1 | (The MIT License) 2 | 3 | Copyright (c) 2010 Sencha Inc. 4 | Copyright (c) 2011 LearnBoost 5 | Copyright (c) 2011-2014 TJ Holowaychuk 6 | Copyright (c) 2015 Douglas Christopher Wilson 7 | 8 | Permission is hereby granted, free of charge, to any person obtaining 9 | a copy of this software and associated documentation files (the 10 | 'Software'), to deal in the Software without restriction, including 11 | without limitation the rights to use, copy, modify, merge, publish, 12 | distribute, sublicense, and/or sell copies of the Software, and to 13 | permit persons to whom the Software is furnished to do so, subject to 14 | the following conditions: 15 | 16 | The above copyright notice and this permission notice shall be 17 | included in all copies or substantial portions of the Software. 18 | 19 | THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, 20 | EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF 21 | MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. 22 | IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY 23 | CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, 24 | TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE 25 | SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 26 | -------------------------------------------------------------------------------- /package.json: -------------------------------------------------------------------------------- 1 | { 2 | "name": "connect", 3 | "description": "High performance middleware framework", 4 | "version": "3.6.1", 5 | "author": "TJ Holowaychuk (http://tjholowaychuk.com)", 6 | "contributors": [ 7 | "Douglas Christopher Wilson ", 8 | "Jonathan Ong ", 9 | "Tim Caswell " 10 | ], 11 | "keywords": [ 12 | "framework", 13 | "web", 14 | "middleware", 15 | "connect", 16 | "rack" 17 | ], 18 | "repository": "senchalabs/connect", 19 | "dependencies": { 20 | "debug": "2.6.3", 21 | "finalhandler": "1.0.1", 22 | "parseurl": "~1.3.1", 23 | "utils-merge": "1.0.0" 24 | }, 25 | "devDependencies": { 26 | "istanbul": "0.4.5", 27 | "mocha": "3.2.0", 28 | "supertest": "2.0.0" 29 | }, 30 | "license": "MIT", 31 | "files": [ 32 | "LICENSE", 33 | "HISTORY.md", 34 | "README.md", 35 | "index.js" 36 | ], 37 | "engines": { 38 | "node": ">= 0.10.0" 39 | }, 40 | "scripts": { 41 | "test": "mocha --require test/support/env --reporter spec --bail --check-leaks test/", 42 | "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --require test/support/env --reporter dot --check-leaks test/", 43 | "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --require test/support/env --reporter spec --check-leaks test/" 44 | } 45 | } 46 | -------------------------------------------------------------------------------- /test/fqdn.js: -------------------------------------------------------------------------------- 1 | 2 | var assert = require('assert'); 3 | var connect = require('..'); 4 | var http = require('http'); 5 | var request = require('supertest'); 6 | 7 | describe('app.use()', function(){ 8 | var app; 9 | 10 | beforeEach(function(){ 11 | app = connect(); 12 | }); 13 | 14 | it('should not obscure FQDNs', function(done){ 15 | app.use(function(req, res){ 16 | res.end(req.url); 17 | }); 18 | 19 | rawrequest(app) 20 | .get('http://example.com/foo') 21 | .expect(200, 'http://example.com/foo', done); 22 | }); 23 | 24 | describe('with a connect app', function(){ 25 | it('should ignore FQDN in search', function (done) { 26 | app.use('/proxy', function (req, res) { 27 | res.end(req.url); 28 | }); 29 | 30 | rawrequest(app) 31 | .get('/proxy?url=http://example.com/blog/post/1') 32 | .expect(200, '/?url=http://example.com/blog/post/1', done); 33 | }); 34 | 35 | it('should ignore FQDN in path', function (done) { 36 | app.use('/proxy', function (req, res) { 37 | res.end(req.url); 38 | }); 39 | 40 | rawrequest(app) 41 | .get('/proxy/http://example.com/blog/post/1') 42 | .expect(200, '/http://example.com/blog/post/1', done); 43 | }); 44 | 45 | it('should adjust FQDN req.url', function(done){ 46 | app.use('/blog', function(req, res){ 47 | res.end(req.url); 48 | }); 49 | 50 | rawrequest(app) 51 | .get('http://example.com/blog/post/1') 52 | .expect(200, 'http://example.com/post/1', done); 53 | }); 54 | 55 | it('should adjust FQDN req.url with multiple handlers', function(done){ 56 | app.use(function(req,res,next) { 57 | next(); 58 | }); 59 | 60 | app.use('/blog', function(req, res){ 61 | res.end(req.url); 62 | }); 63 | 64 | rawrequest(app) 65 | .get('http://example.com/blog/post/1') 66 | .expect(200, 'http://example.com/post/1', done); 67 | }); 68 | 69 | it('should adjust FQDN req.url with multiple routed handlers', function(done) { 70 | app.use('/blog', function(req,res,next) { 71 | next(); 72 | }); 73 | app.use('/blog', function(req, res) { 74 | res.end(req.url); 75 | }); 76 | 77 | rawrequest(app) 78 | .get('http://example.com/blog/post/1') 79 | .expect(200, 'http://example.com/post/1', done); 80 | }); 81 | }); 82 | }); 83 | 84 | function rawrequest(app) { 85 | var _path; 86 | var server = http.createServer(app); 87 | 88 | function expect(status, body, callback) { 89 | server.listen(function(){ 90 | var addr = this.address(); 91 | var hostname = addr.family === 'IPv6' ? '::1' : '127.0.0.1'; 92 | var port = addr.port; 93 | 94 | var req = http.get({ 95 | host: hostname, 96 | path: _path, 97 | port: port 98 | }); 99 | req.on('response', function(res){ 100 | var buf = ''; 101 | 102 | res.setEncoding('utf8'); 103 | res.on('data', function(s){ buf += s }); 104 | res.on('end', function(){ 105 | var err = null; 106 | 107 | try { 108 | assert.equal(res.statusCode, status); 109 | assert.equal(buf, body); 110 | } catch (e) { 111 | err = e; 112 | } 113 | 114 | server.close(); 115 | callback(err); 116 | }); 117 | }); 118 | }); 119 | } 120 | 121 | function get(path) { 122 | _path = path; 123 | 124 | return { 125 | expect: expect 126 | }; 127 | } 128 | 129 | return { 130 | get: get 131 | }; 132 | } 133 | -------------------------------------------------------------------------------- /test/server.js: -------------------------------------------------------------------------------- 1 | 2 | var assert = require('assert'); 3 | var connect = require('..'); 4 | var http = require('http'); 5 | var request = require('supertest'); 6 | 7 | describe('app', function(){ 8 | var app; 9 | 10 | beforeEach(function(){ 11 | app = connect(); 12 | }); 13 | 14 | it('should inherit from event emitter', function(done){ 15 | app.on('foo', done); 16 | app.emit('foo'); 17 | }); 18 | 19 | it('should work in http.createServer', function(done){ 20 | var app = connect(); 21 | 22 | app.use(function (req, res) { 23 | res.end('hello, world!'); 24 | }); 25 | 26 | var server = http.createServer(app); 27 | 28 | request(server) 29 | .get('/') 30 | .expect(200, 'hello, world!', done); 31 | }) 32 | 33 | it('should be a callable function', function(done){ 34 | var app = connect(); 35 | 36 | app.use(function (req, res) { 37 | res.end('hello, world!'); 38 | }); 39 | 40 | function handler(req, res) { 41 | res.write('oh, '); 42 | app(req, res); 43 | } 44 | 45 | var server = http.createServer(handler); 46 | 47 | request(server) 48 | .get('/') 49 | .expect(200, 'oh, hello, world!', done); 50 | }) 51 | 52 | it('should invoke callback if request not handled', function(done){ 53 | var app = connect(); 54 | 55 | app.use('/foo', function (req, res) { 56 | res.end('hello, world!'); 57 | }); 58 | 59 | function handler(req, res) { 60 | res.write('oh, '); 61 | app(req, res, function() { 62 | res.end('no!'); 63 | }); 64 | } 65 | 66 | var server = http.createServer(handler); 67 | 68 | request(server) 69 | .get('/') 70 | .expect(200, 'oh, no!', done); 71 | }) 72 | 73 | it('should invoke callback on error', function(done){ 74 | var app = connect(); 75 | 76 | app.use(function (req, res) { 77 | throw new Error('boom!'); 78 | }); 79 | 80 | function handler(req, res) { 81 | res.write('oh, '); 82 | app(req, res, function(err) { 83 | res.end(err.message); 84 | }); 85 | } 86 | 87 | var server = http.createServer(handler); 88 | 89 | request(server) 90 | .get('/') 91 | .expect(200, 'oh, boom!', done); 92 | }) 93 | 94 | it('should work as middleware', function(done){ 95 | // custom server handler array 96 | var handlers = [connect(), function(req, res, next){ 97 | res.writeHead(200, {'Content-Type': 'text/plain'}); 98 | res.end('Ok'); 99 | }]; 100 | 101 | // execute callbacks in sequence 102 | var n = 0; 103 | function run(req, res){ 104 | if (handlers[n]) { 105 | handlers[n++](req, res, function(){ 106 | run(req, res); 107 | }); 108 | } 109 | } 110 | 111 | // create a non-connect server 112 | var server = http.createServer(run); 113 | 114 | request(server) 115 | .get('/') 116 | .expect(200, 'Ok', done); 117 | }); 118 | 119 | it('should escape the 500 response body', function(done){ 120 | app.use(function(req, res, next){ 121 | next(new Error('error!')); 122 | }); 123 | request(app) 124 | .get('/') 125 | .expect(/Error: error!
/) 126 | .expect(/
   at/) 127 | .expect(500, done); 128 | }) 129 | 130 | describe('404 handler', function(){ 131 | it('should escape the 404 response body', function(done){ 132 | rawrequest(app) 133 | .get('/foo/') 134 | .expect(404, />Cannot GET \/foo\/%3Cscript%3Estuff'n%3C\/script%3Ealert()'); 166 | }) 167 | 168 | request(app) 169 | .get('/') 170 | .expect(500, /<script>alert\(\)<\/script>/, done); 171 | }) 172 | 173 | it('should use custom error code', function(done){ 174 | var app = connect(); 175 | 176 | app.use(function(req, res, next){ 177 | var err = new Error('ack!'); 178 | err.status = 503; 179 | throw err; 180 | }) 181 | 182 | request(app) 183 | .get('/') 184 | .expect(503, done); 185 | }) 186 | 187 | it('should keep error statusCode', function(done){ 188 | var app = connect(); 189 | 190 | app.use(function(req, res, next){ 191 | res.statusCode = 503; 192 | throw new Error('ack!'); 193 | }) 194 | 195 | request(app) 196 | .get('/') 197 | .expect(503, done); 198 | }) 199 | 200 | it('shoud not fire after headers sent', function(done){ 201 | var app = connect(); 202 | 203 | app.use(function(req, res, next){ 204 | res.write('body'); 205 | res.end(); 206 | process.nextTick(function() { 207 | next(new Error('ack!')); 208 | }); 209 | }) 210 | 211 | request(app) 212 | .get('/') 213 | .expect(200, done); 214 | }) 215 | 216 | it('shoud have no body for HEAD', function(done){ 217 | var app = connect(); 218 | 219 | app.use(function(req, res, next){ 220 | throw new Error('ack!'); 221 | }); 222 | 223 | request(app) 224 | .head('/') 225 | .expect(500, '', done); 226 | }); 227 | }); 228 | }); 229 | 230 | function rawrequest(app) { 231 | var _path; 232 | var server = http.createServer(app); 233 | 234 | function expect(status, body, callback) { 235 | server.listen(function(){ 236 | var addr = this.address(); 237 | var hostname = addr.family === 'IPv6' ? '::1' : '127.0.0.1'; 238 | var port = addr.port; 239 | 240 | var req = http.get({ 241 | host: hostname, 242 | path: _path, 243 | port: port 244 | }); 245 | req.on('response', function(res){ 246 | var buf = ''; 247 | 248 | res.setEncoding('utf8'); 249 | res.on('data', function(s){ buf += s }); 250 | res.on('end', function(){ 251 | var err = null; 252 | 253 | try { 254 | assert.equal(res.statusCode, status); 255 | 256 | if (body instanceof RegExp) { 257 | assert.ok(body.test(buf), 'expected body ' + buf + ' to match ' + body) 258 | } else { 259 | assert.equal(buf, body, 'expected ' + body + ' response body, got ' + buf) 260 | } 261 | } catch (e) { 262 | err = e; 263 | } 264 | 265 | server.close(); 266 | callback(err); 267 | }); 268 | }); 269 | }); 270 | } 271 | 272 | function get(path) { 273 | _path = path; 274 | 275 | return { 276 | expect: expect 277 | }; 278 | } 279 | 280 | return { 281 | get: get 282 | }; 283 | } 284 | -------------------------------------------------------------------------------- /index.js: -------------------------------------------------------------------------------- 1 | /*! 2 | * connect 3 | * Copyright(c) 2010 Sencha Inc. 4 | * Copyright(c) 2011 TJ Holowaychuk 5 | * Copyright(c) 2015 Douglas Christopher Wilson 6 | * MIT Licensed 7 | */ 8 | 9 | 'use strict'; 10 | 11 | /** 12 | * Module dependencies. 13 | * @private 14 | */ 15 | 16 | var debug = require('debug')('connect:dispatcher'); 17 | var EventEmitter = require('events').EventEmitter; 18 | var finalhandler = require('finalhandler'); 19 | var http = require('http'); 20 | var merge = require('utils-merge'); 21 | var parseUrl = require('parseurl'); 22 | 23 | /** 24 | * Module exports. 25 | * @public 26 | */ 27 | 28 | module.exports = createServer; 29 | 30 | /** 31 | * Module variables. 32 | * @private 33 | */ 34 | 35 | var env = process.env.NODE_ENV || 'development'; 36 | var proto = {}; 37 | 38 | /* istanbul ignore next */ 39 | var defer = typeof setImmediate === 'function' 40 | ? setImmediate 41 | : function(fn){ process.nextTick(fn.bind.apply(fn, arguments)) } 42 | 43 | /** 44 | * Create a new connect server. 45 | * 46 | * @return {function} 47 | * @public 48 | */ 49 | 50 | function createServer() { 51 | function app(req, res, next){ app.handle(req, res, next); } 52 | merge(app, proto); 53 | merge(app, EventEmitter.prototype); 54 | app.route = '/'; 55 | app.stack = []; 56 | return app; 57 | } 58 | 59 | /** 60 | * Utilize the given middleware `handle` to the given `route`, 61 | * defaulting to _/_. This "route" is the mount-point for the 62 | * middleware, when given a value other than _/_ the middleware 63 | * is only effective when that segment is present in the request's 64 | * pathname. 65 | * 66 | * For example if we were to mount a function at _/admin_, it would 67 | * be invoked on _/admin_, and _/admin/settings_, however it would 68 | * not be invoked for _/_, or _/posts_. 69 | * 70 | * @param {String|Function|Server} route, callback or server 71 | * @param {Function|Server} callback or server 72 | * @return {Server} for chaining 73 | * @public 74 | */ 75 | 76 | proto.use = function use(route, fn) { 77 | var handle = fn; 78 | var path = route; 79 | 80 | // default route to '/' 81 | if (typeof route !== 'string') { 82 | handle = route; 83 | path = '/'; 84 | } 85 | 86 | // wrap sub-apps 87 | if (typeof handle.handle === 'function') { 88 | var server = handle; 89 | server.route = path; 90 | handle = function (req, res, next) { 91 | server.handle(req, res, next); 92 | }; 93 | } 94 | 95 | // wrap vanilla http.Servers 96 | if (handle instanceof http.Server) { 97 | handle = handle.listeners('request')[0]; 98 | } 99 | 100 | // strip trailing slash 101 | if (path[path.length - 1] === '/') { 102 | path = path.slice(0, -1); 103 | } 104 | 105 | // add the middleware 106 | debug('use %s %s', path || '/', handle.name || 'anonymous'); 107 | this.stack.push({ route: path, handle: handle }); 108 | 109 | return this; 110 | }; 111 | 112 | /** 113 | * Handle server requests, punting them down 114 | * the middleware stack. 115 | * 116 | * @private 117 | */ 118 | 119 | proto.handle = function handle(req, res, out) { 120 | var index = 0; 121 | var protohost = getProtohost(req.url) || ''; 122 | var removed = ''; 123 | var slashAdded = false; 124 | var stack = this.stack; 125 | 126 | // final function handler 127 | var done = out || finalhandler(req, res, { 128 | env: env, 129 | onerror: logerror 130 | }); 131 | 132 | // store the original URL 133 | req.originalUrl = req.originalUrl || req.url; 134 | 135 | function next(err) { 136 | if (slashAdded) { 137 | req.url = req.url.substr(1); 138 | slashAdded = false; 139 | } 140 | 141 | if (removed.length !== 0) { 142 | req.url = protohost + removed + req.url.substr(protohost.length); 143 | removed = ''; 144 | } 145 | 146 | // next callback 147 | var layer = stack[index++]; 148 | 149 | // all done 150 | if (!layer) { 151 | defer(done, err); 152 | return; 153 | } 154 | 155 | // route data 156 | var path = parseUrl(req).pathname || '/'; 157 | var route = layer.route; 158 | 159 | // skip this layer if the route doesn't match 160 | if (path.toLowerCase().substr(0, route.length) !== route.toLowerCase()) { 161 | return next(err); 162 | } 163 | 164 | // skip if route match does not border "/", ".", or end 165 | var c = path[route.length]; 166 | if (c !== undefined && '/' !== c && '.' !== c) { 167 | return next(err); 168 | } 169 | 170 | // trim off the part of the url that matches the route 171 | if (route.length !== 0 && route !== '/') { 172 | removed = route; 173 | req.url = protohost + req.url.substr(protohost.length + removed.length); 174 | 175 | // ensure leading slash 176 | if (!protohost && req.url[0] !== '/') { 177 | req.url = '/' + req.url; 178 | slashAdded = true; 179 | } 180 | } 181 | 182 | // call the layer handle 183 | call(layer.handle, route, err, req, res, next); 184 | } 185 | 186 | next(); 187 | }; 188 | 189 | /** 190 | * Listen for connections. 191 | * 192 | * This method takes the same arguments 193 | * as node's `http.Server#listen()`. 194 | * 195 | * HTTP and HTTPS: 196 | * 197 | * If you run your application both as HTTP 198 | * and HTTPS you may wrap them individually, 199 | * since your Connect "server" is really just 200 | * a JavaScript `Function`. 201 | * 202 | * var connect = require('connect') 203 | * , http = require('http') 204 | * , https = require('https'); 205 | * 206 | * var app = connect(); 207 | * 208 | * http.createServer(app).listen(80); 209 | * https.createServer(options, app).listen(443); 210 | * 211 | * @return {http.Server} 212 | * @api public 213 | */ 214 | 215 | proto.listen = function listen() { 216 | var server = http.createServer(this); 217 | return server.listen.apply(server, arguments); 218 | }; 219 | 220 | /** 221 | * Invoke a route handle. 222 | * @private 223 | */ 224 | 225 | function call(handle, route, err, req, res, next) { 226 | var arity = handle.length; 227 | var error = err; 228 | var hasError = Boolean(err); 229 | 230 | debug('%s %s : %s', handle.name || '', route, req.originalUrl); 231 | 232 | try { 233 | if (hasError && arity === 4) { 234 | // error-handling middleware 235 | handle(err, req, res, next); 236 | return; 237 | } else if (!hasError && arity < 4) { 238 | // request-handling middleware 239 | handle(req, res, next); 240 | return; 241 | } 242 | } catch (e) { 243 | // replace the error 244 | error = e; 245 | } 246 | 247 | // continue 248 | next(error); 249 | } 250 | 251 | /** 252 | * Log error using console.error. 253 | * 254 | * @param {Error} err 255 | * @private 256 | */ 257 | 258 | function logerror(err) { 259 | if (env !== 'test') console.error(err.stack || err.toString()); 260 | } 261 | 262 | /** 263 | * Get get protocol + host for a URL. 264 | * 265 | * @param {string} url 266 | * @private 267 | */ 268 | 269 | function getProtohost(url) { 270 | if (url.length === 0 || url[0] === '/') { 271 | return undefined; 272 | } 273 | 274 | var searchIndex = url.indexOf('?'); 275 | var pathLength = searchIndex !== -1 276 | ? searchIndex 277 | : url.length; 278 | var fqdnIndex = url.substr(0, pathLength).indexOf('://'); 279 | 280 | return fqdnIndex !== -1 281 | ? url.substr(0, url.indexOf('/', 3 + fqdnIndex)) 282 | : undefined; 283 | } 284 | -------------------------------------------------------------------------------- /test/mounting.js: -------------------------------------------------------------------------------- 1 | 2 | var assert = require('assert'); 3 | var connect = require('..'); 4 | var http = require('http'); 5 | var request = require('supertest'); 6 | 7 | describe('app.use()', function(){ 8 | var app; 9 | 10 | beforeEach(function(){ 11 | app = connect(); 12 | }); 13 | 14 | it('should match all paths with "/"', function (done) { 15 | app.use('/', function (req, res) { 16 | res.end(req.url); 17 | }); 18 | 19 | request(app) 20 | .get('/blog') 21 | .expect(200, '/blog', done); 22 | }); 23 | 24 | it('should match full path', function (done) { 25 | app.use('/blog', function (req, res) { 26 | res.end(req.url); 27 | }); 28 | 29 | request(app) 30 | .get('/blog') 31 | .expect(200, '/', done); 32 | }); 33 | 34 | it('should match left-side of path', function (done) { 35 | app.use('/blog', function (req, res) { 36 | res.end(req.url); 37 | }); 38 | 39 | request(app) 40 | .get('/blog/article/1') 41 | .expect(200, '/article/1', done); 42 | }); 43 | 44 | it('should match up to dot', function (done) { 45 | app.use('/blog', function (req, res) { 46 | res.end(req.url) 47 | }) 48 | 49 | request(app) 50 | .get('/blog.json') 51 | .expect(200, done) 52 | }) 53 | 54 | it('should not match shorter path', function (done) { 55 | app.use('/blog-o-rama', function (req, res) { 56 | res.end(req.url); 57 | }); 58 | 59 | request(app) 60 | .get('/blog') 61 | .expect(404, done); 62 | }); 63 | 64 | it('should not end match in middle of component', function (done) { 65 | app.use('/blog', function (req, res) { 66 | res.end(req.url); 67 | }); 68 | 69 | request(app) 70 | .get('/blog-o-rama/article/1') 71 | .expect(404, done); 72 | }); 73 | 74 | it('should be case insensitive (lower-case route, mixed-case request)', function(done){ 75 | var blog = http.createServer(function(req, res){ 76 | assert.equal(req.url, '/'); 77 | res.end('blog'); 78 | }); 79 | 80 | app.use('/blog', blog); 81 | 82 | request(app) 83 | .get('/BLog') 84 | .expect('blog', done); 85 | }); 86 | 87 | it('should be case insensitive (mixed-case route, lower-case request)', function(done){ 88 | var blog = http.createServer(function(req, res){ 89 | assert.equal(req.url, '/'); 90 | res.end('blog'); 91 | }); 92 | 93 | app.use('/BLog', blog); 94 | 95 | request(app) 96 | .get('/blog') 97 | .expect('blog', done); 98 | }); 99 | 100 | it('should be case insensitive (mixed-case route, mixed-case request)', function(done){ 101 | var blog = http.createServer(function(req, res){ 102 | assert.equal(req.url, '/'); 103 | res.end('blog'); 104 | }); 105 | 106 | app.use('/BLog', blog); 107 | 108 | request(app) 109 | .get('/blOG') 110 | .expect('blog', done); 111 | }); 112 | 113 | it('should ignore fn.arity > 4', function(done){ 114 | var invoked = []; 115 | 116 | app.use(function(req, res, next, _a, _b){ 117 | invoked.push(0) 118 | next(); 119 | }); 120 | app.use(function(req, res, next){ 121 | invoked.push(1) 122 | next(new Error('err')); 123 | }); 124 | app.use(function(err, req, res, next){ 125 | invoked.push(2); 126 | res.end(invoked.join(',')); 127 | }); 128 | 129 | request(app) 130 | .get('/') 131 | .expect(200, '1,2', done); 132 | }); 133 | 134 | describe('with a connect app', function(){ 135 | it('should mount', function(done){ 136 | var blog = connect(); 137 | 138 | blog.use(function(req, res){ 139 | assert.equal(req.url, '/'); 140 | res.end('blog'); 141 | }); 142 | 143 | app.use('/blog', blog); 144 | 145 | request(app) 146 | .get('/blog') 147 | .expect(200, 'blog', done); 148 | }); 149 | 150 | it('should retain req.originalUrl', function(done){ 151 | var app = connect(); 152 | 153 | app.use('/blog', function(req, res){ 154 | res.end(req.originalUrl); 155 | }); 156 | 157 | request(app) 158 | .get('/blog/post/1') 159 | .expect(200, '/blog/post/1', done); 160 | }); 161 | 162 | it('should adjust req.url', function(done){ 163 | app.use('/blog', function(req, res){ 164 | res.end(req.url); 165 | }); 166 | 167 | request(app) 168 | .get('/blog/post/1') 169 | .expect(200, '/post/1', done); 170 | }); 171 | 172 | it('should strip trailing slash', function(done){ 173 | var blog = connect(); 174 | 175 | blog.use(function(req, res){ 176 | assert.equal(req.url, '/'); 177 | res.end('blog'); 178 | }); 179 | 180 | app.use('/blog/', blog); 181 | 182 | request(app) 183 | .get('/blog') 184 | .expect('blog', done); 185 | }); 186 | 187 | it('should set .route', function(){ 188 | var blog = connect(); 189 | var admin = connect(); 190 | app.use('/blog', blog); 191 | blog.use('/admin', admin); 192 | assert.equal(app.route, '/'); 193 | assert.equal(blog.route, '/blog'); 194 | assert.equal(admin.route, '/admin'); 195 | }); 196 | 197 | it('should not add trailing slash to req.url', function(done) { 198 | app.use('/admin', function(req, res, next) { 199 | next(); 200 | }); 201 | 202 | app.use(function(req, res, next) { 203 | res.end(req.url); 204 | }); 205 | 206 | request(app) 207 | .get('/admin') 208 | .expect('/admin', done); 209 | }) 210 | }) 211 | 212 | describe('with a node app', function(){ 213 | it('should mount', function(done){ 214 | var blog = http.createServer(function(req, res){ 215 | assert.equal(req.url, '/'); 216 | res.end('blog'); 217 | }); 218 | 219 | app.use('/blog', blog); 220 | 221 | request(app) 222 | .get('/blog') 223 | .expect('blog', done); 224 | }); 225 | }); 226 | 227 | describe('error handling', function(){ 228 | it('should send errors to airty 4 fns', function(done){ 229 | app.use(function(req, res, next){ 230 | next(new Error('msg')); 231 | }) 232 | app.use(function(err, req, res, next){ 233 | res.end('got error ' + err.message); 234 | }); 235 | 236 | request(app) 237 | .get('/') 238 | .expect('got error msg', done); 239 | }) 240 | 241 | it('should skip to non-error middleware', function(done){ 242 | var invoked = false; 243 | 244 | app.use(function(req, res, next){ 245 | next(new Error('msg')); 246 | }) 247 | app.use(function(req, res, next){ 248 | invoked = true; 249 | next(); 250 | }); 251 | app.use(function(err, req, res, next){ 252 | res.end(invoked ? 'invoked' : err.message); 253 | }); 254 | 255 | request(app) 256 | .get('/') 257 | .expect(200, 'msg', done); 258 | }) 259 | 260 | it('should start at error middleware declared after error', function(done){ 261 | var invoked = false; 262 | 263 | app.use(function(err, req, res, next){ 264 | res.end('fail: ' + err.message); 265 | }); 266 | app.use(function(req, res, next){ 267 | next(new Error('boom!')); 268 | }); 269 | app.use(function(err, req, res, next){ 270 | res.end('pass: ' + err.message); 271 | }); 272 | 273 | request(app) 274 | .get('/') 275 | .expect(200, 'pass: boom!', done); 276 | }) 277 | 278 | it('should stack error fns', function(done){ 279 | app.use(function(req, res, next){ 280 | next(new Error('msg')); 281 | }) 282 | app.use(function(err, req, res, next){ 283 | res.setHeader('X-Error', err.message); 284 | next(err); 285 | }); 286 | app.use(function(err, req, res, next){ 287 | res.end('got error ' + err.message); 288 | }); 289 | 290 | request(app) 291 | .get('/') 292 | .expect('X-Error', 'msg') 293 | .expect(200, 'got error msg', done); 294 | }) 295 | 296 | it('should invoke error stack even when headers sent', function(done){ 297 | app.use(function(req, res, next){ 298 | res.end('0'); 299 | next(new Error('msg')); 300 | }); 301 | app.use(function(err, req, res, next){ 302 | done(); 303 | }); 304 | 305 | request(app) 306 | .get('/') 307 | .end(function(){}); 308 | }) 309 | }) 310 | }); 311 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Connect 2 | 3 | [![NPM Version][npm-image]][npm-url] 4 | [![NPM Downloads][downloads-image]][downloads-url] 5 | [![Build Status][travis-image]][travis-url] 6 | [![Test Coverage][coveralls-image]][coveralls-url] 7 | [![Gratipay][gratipay-image]][gratipay-url] 8 | 9 | Connect is an extensible HTTP server framework for [node](http://nodejs.org) using "plugins" known as _middleware_. 10 | 11 | ```js 12 | var connect = require('connect'); 13 | var http = require('http'); 14 | 15 | var app = connect(); 16 | 17 | // gzip/deflate outgoing responses 18 | var compression = require('compression'); 19 | app.use(compression()); 20 | 21 | // store session state in browser cookie 22 | var cookieSession = require('cookie-session'); 23 | app.use(cookieSession({ 24 | keys: ['secret1', 'secret2'] 25 | })); 26 | 27 | // parse urlencoded request bodies into req.body 28 | var bodyParser = require('body-parser'); 29 | app.use(bodyParser.urlencoded({extended: false})); 30 | 31 | // respond to all requests 32 | app.use(function(req, res){ 33 | res.end('Hello from Connect!\n'); 34 | }); 35 | 36 | //create node.js http server and listen on port 37 | http.createServer(app).listen(3000); 38 | ``` 39 | 40 | ## Getting Started 41 | 42 | Connect is a simple framework to glue together various "middleware" to handle requests. 43 | 44 | ### Install Connect 45 | 46 | ```sh 47 | $ npm install connect 48 | ``` 49 | 50 | ### Create an app 51 | 52 | The main component is a Connect "app". This will store all the middleware 53 | added and is, itself, a function. 54 | 55 | ```js 56 | var app = connect(); 57 | ``` 58 | 59 | ### Use middleware 60 | 61 | The core of Connect is "using" middleware. Middleware are added as a "stack" 62 | where incoming requests will execute each middleware one-by-one until a middleware 63 | does not call `next()` within it. 64 | 65 | ```js 66 | app.use(function middleware1(req, res, next) { 67 | // middleware 1 68 | next(); 69 | }); 70 | app.use(function middleware2(req, res, next) { 71 | // middleware 2 72 | next(); 73 | }); 74 | ``` 75 | 76 | ### Mount middleware 77 | 78 | The `.use()` method also takes an optional path string that is matched against 79 | the beginning of the incoming request URL. This allows for basic routing. 80 | 81 | ```js 82 | app.use('/foo', function fooMiddleware(req, res, next) { 83 | // req.url starts with "/foo" 84 | next(); 85 | }); 86 | app.use('/bar', function barMiddleware(req, res, next) { 87 | // req.url starts with "/bar" 88 | next(); 89 | }); 90 | ``` 91 | 92 | ### Error middleware 93 | 94 | There are special cases of "error-handling" middleware. There are middleware 95 | where the function takes exactly 4 arguments. When a middleware passes an error 96 | to `next`, the app will proceed to look for the error middleware that was declared 97 | after that middleware and invoke it, skipping any error middleware above that 98 | middleware and any non-error middleware below. 99 | 100 | ```js 101 | // regular middleware 102 | app.use(function (req, res, next) { 103 | // i had an error 104 | next(new Error('boom!')); 105 | }); 106 | 107 | // error middleware for errors that occurred in middleware 108 | // declared before this 109 | app.use(function onerror(err, req, res, next) { 110 | // an error occurred! 111 | }); 112 | ``` 113 | 114 | ### Create a server from the app 115 | 116 | The last step is to actually use the Connect app in a server. The `.listen()` method 117 | is a convenience to start a HTTP server (and is identical to the `http.Server`'s `listen` 118 | method in the version of Node.js you are running). 119 | 120 | ```js 121 | var server = app.listen(port); 122 | ``` 123 | 124 | The app itself is really just a function with three arguments, so it can also be handed 125 | to `.createServer()` in Node.js. 126 | 127 | ```js 128 | var server = http.createServer(app); 129 | ``` 130 | 131 | ## Middleware 132 | 133 | These middleware and libraries are officially supported by the Connect/Express team: 134 | 135 | - [body-parser](https://www.npmjs.com/package/body-parser) - previous `bodyParser`, `json`, and `urlencoded`. You may also be interested in: 136 | - [body](https://www.npmjs.com/package/body) 137 | - [co-body](https://www.npmjs.com/package/co-body) 138 | - [raw-body](https://www.npmjs.com/package/raw-body) 139 | - [compression](https://www.npmjs.com/package/compression) - previously `compress` 140 | - [connect-timeout](https://www.npmjs.com/package/connect-timeout) - previously `timeout` 141 | - [cookie-parser](https://www.npmjs.com/package/cookie-parser) - previously `cookieParser` 142 | - [cookie-session](https://www.npmjs.com/package/cookie-session) - previously `cookieSession` 143 | - [csurf](https://www.npmjs.com/package/csurf) - previously `csrf` 144 | - [errorhandler](https://www.npmjs.com/package/errorhandler) - previously `error-handler` 145 | - [express-session](https://www.npmjs.com/package/express-session) - previously `session` 146 | - [method-override](https://www.npmjs.com/package/method-override) - previously `method-override` 147 | - [morgan](https://www.npmjs.com/package/morgan) - previously `logger` 148 | - [response-time](https://www.npmjs.com/package/response-time) - previously `response-time` 149 | - [serve-favicon](https://www.npmjs.com/package/serve-favicon) - previously `favicon` 150 | - [serve-index](https://www.npmjs.com/package/serve-index) - previously `directory` 151 | - [serve-static](https://www.npmjs.com/package/serve-static) - previously `static` 152 | - [vhost](https://www.npmjs.com/package/vhost) - previously `vhost` 153 | 154 | Most of these are exact ports of their Connect 2.x equivalents. The primary exception is `cookie-session`. 155 | 156 | Some middleware previously included with Connect are no longer supported by the Connect/Express team, are replaced by an alternative module, or should be superseded by a better module. Use one of these alternatives instead: 157 | 158 | - `cookieParser` 159 | - [cookies](https://www.npmjs.com/package/cookies) and [keygrip](https://www.npmjs.com/package/keygrip) 160 | - `limit` 161 | - [raw-body](https://www.npmjs.com/package/raw-body) 162 | - `multipart` 163 | - [connect-multiparty](https://www.npmjs.com/package/connect-multiparty) 164 | - [connect-busboy](https://www.npmjs.com/package/connect-busboy) 165 | - `query` 166 | - [qs](https://www.npmjs.com/package/qs) 167 | - `staticCache` 168 | - [st](https://www.npmjs.com/package/st) 169 | - [connect-static](https://www.npmjs.com/package/connect-static) 170 | 171 | Checkout [http-framework](https://github.com/Raynos/http-framework/wiki/Modules) for many other compatible middleware! 172 | 173 | ## API 174 | 175 | The Connect API is very minimalist, enough to create an app and add a chain 176 | of middleware. 177 | 178 | When the `connect` module is required, a function is returned that will construct 179 | a new app when called. 180 | 181 | ```js 182 | // require module 183 | var connect = require('connect') 184 | 185 | // create app 186 | var app = connect() 187 | ``` 188 | 189 | ### app(req, res[, next]) 190 | 191 | The `app` itself is a function. This is just an alias to `app.handle`. 192 | 193 | ### app.handle(req, res[, out]) 194 | 195 | Calling the function will run the middleware stack against the given Node.js 196 | http request (`req`) and response (`res`) objects. An optional function `out` 197 | can be provided that will be called if the request (or error) was not handled 198 | by the middleware stack. 199 | 200 | ### app.listen([...]) 201 | 202 | Start the app listening for requests. This method will internally create a Node.js 203 | HTTP server and call `.listen()` on it. 204 | 205 | This is an alias to the `server.listen()` method in the version of Node.js running, 206 | so consult the Node.js documentation for all the different variations. The most 207 | common signature is [`app.listen(port)`](https://nodejs.org/dist/latest-v6.x/docs/api/http.html#http_server_listen_port_hostname_backlog_callback). 208 | 209 | ### app.use(fn) 210 | 211 | Use a function on the app, where the function represents a middleware. The function 212 | will be invoked for every request in the order that `app.use` is called. The function 213 | is called with three arguments: 214 | 215 | ```js 216 | app.use(function (req, res, next) { 217 | // req is the Node.js http request object 218 | // res is the Node.js http response object 219 | // next is a function to call to invoke the next middleware 220 | }) 221 | ``` 222 | 223 | In addition to a plan function, the `fn` argument can also be a Node.js HTTP server 224 | instance or another Connect app instance. 225 | 226 | ### app.use(route, fn) 227 | 228 | Use a function on the app, where the function represents a middleware. The function 229 | will be invoked for every request in which the URL (`req.url` property) starts with 230 | the given `route` string in the order that `app.use` is called. The function is 231 | called with three arguments: 232 | 233 | ```js 234 | app.use('/foo', function (req, res, next) { 235 | // req is the Node.js http request object 236 | // res is the Node.js http response object 237 | // next is a function to call to invoke the next middleware 238 | }) 239 | ``` 240 | 241 | In addition to a plan function, the `fn` argument can also be a Node.js HTTP server 242 | instance or another Connect app instance. 243 | 244 | The `route` is always terminated at a path separator (`/`) or a dot (`.`) character. 245 | This means the given routes `/foo/` and `/foo` are the same and both will match requests 246 | with the URLs `/foo`, `/foo/`, `/foo/bar`, and `/foo.bar`, but not match a request with 247 | the URL `/foobar`. 248 | 249 | The `route` is matched in a case-insensitive manor. 250 | 251 | In order to make middleware easier to write to be agnostic of the `route`, when the 252 | `fn` is invoked, the `req.url` will be altered to remove the `route` part (and the 253 | original will be available as `req.originalUrl`). For example, if `fn` is used at the 254 | route `/foo`, the request for `/foo/bar` will invoke `fn` with `req.url === '/foo'` 255 | and `req.originalUrl === '/foo/bar'`. 256 | 257 | ## Running Tests 258 | 259 | ```bash 260 | npm install 261 | npm test 262 | ``` 263 | 264 | ## Contributors 265 | 266 | https://github.com/senchalabs/connect/graphs/contributors 267 | 268 | ## Node Compatibility 269 | 270 | - Connect `< 1.x` - node `0.2` 271 | - Connect `1.x` - node `0.4` 272 | - Connect `< 2.8` - node `0.6` 273 | - Connect `>= 2.8 < 3` - node `0.8` 274 | - Connect `>= 3` - node `0.10`, `0.12`, `4.x`, `5.x`, `6.x`, `7.x`; io.js `1.x`, `2.x`, `3.x` 275 | 276 | ## License 277 | 278 | [MIT](LICENSE) 279 | 280 | [npm-image]: https://img.shields.io/npm/v/connect.svg 281 | [npm-url]: https://npmjs.org/package/connect 282 | [travis-image]: https://img.shields.io/travis/senchalabs/connect/master.svg 283 | [travis-url]: https://travis-ci.org/senchalabs/connect 284 | [coveralls-image]: https://img.shields.io/coveralls/senchalabs/connect/master.svg 285 | [coveralls-url]: https://coveralls.io/r/senchalabs/connect 286 | [downloads-image]: https://img.shields.io/npm/dm/connect.svg 287 | [downloads-url]: https://npmjs.org/package/connect 288 | [gratipay-image]: https://img.shields.io/gratipay/dougwilson.svg 289 | [gratipay-url]: https://www.gratipay.com/dougwilson/ 290 | -------------------------------------------------------------------------------- /HISTORY.md: -------------------------------------------------------------------------------- 1 | 3.6.1 / 2017-04-19 2 | ================== 3 | 4 | * deps: debug@2.6.3 5 | - Fix `DEBUG_MAX_ARRAY_LENGTH` 6 | * deps: finalhandler@1.0.1 7 | - Fix missing `` in HTML document 8 | - deps: debug@2.6.3 9 | 10 | 3.6.0 / 2017-02-17 11 | ================== 12 | 13 | * deps: debug@2.6.1 14 | - Allow colors in workers 15 | - Deprecated `DEBUG_FD` environment variable set to `3` or higher 16 | - Fix error when running under React Native 17 | - Use same color for same namespace 18 | - deps: ms@0.7.2 19 | * deps: finalhandler@1.0.0 20 | - Fix exception when `err` cannot be converted to a string 21 | - Fully URL-encode the pathname in the 404 22 | - Only include the pathname in the 404 message 23 | - Send complete HTML document 24 | - Set `Content-Security-Policy: default-src 'self'` header 25 | - deps: debug@2.6.1 26 | 27 | 3.5.1 / 2017-02-12 28 | ================== 29 | 30 | * deps: finalhandler@0.5.1 31 | - Fix exception when `err.headers` is not an object 32 | - deps: statuses@~1.3.1 33 | - perf: hoist regular expressions 34 | - perf: remove duplicate validation path 35 | 36 | 3.5.0 / 2016-09-09 37 | ================== 38 | 39 | * deps: finalhandler@0.5.0 40 | - Change invalid or non-numeric status code to 500 41 | - Overwrite status message to match set status code 42 | - Prefer `err.statusCode` if `err.status` is invalid 43 | - Set response headers from `err.headers` object 44 | - Use `statuses` instead of `http` module for status messages 45 | 46 | 3.4.1 / 2016-01-23 47 | ================== 48 | 49 | * deps: finalhandler@0.4.1 50 | - deps: escape-html@~1.0.3 51 | * deps: parseurl@~1.3.1 52 | - perf: enable strict mode 53 | 54 | 3.4.0 / 2015-06-18 55 | ================== 56 | 57 | * deps: debug@~2.2.0 58 | - deps: ms@0.7.1 59 | * deps: finalhandler@0.4.0 60 | - Fix a false-positive when unpiping in Node.js 0.8 61 | - Support `statusCode` property on `Error` objects 62 | - Use `unpipe` module for unpiping requests 63 | - deps: debug@~2.2.0 64 | - deps: escape-html@1.0.2 65 | - deps: on-finished@~2.3.0 66 | - perf: enable strict mode 67 | - perf: remove argument reassignment 68 | * perf: enable strict mode 69 | * perf: remove argument reassignments 70 | 71 | 3.3.5 / 2015-03-16 72 | ================== 73 | 74 | * deps: debug@~2.1.3 75 | - Fix high intensity foreground color for bold 76 | - deps: ms@0.7.0 77 | * deps: finalhandler@0.3.4 78 | - deps: debug@~2.1.3 79 | 80 | 3.3.4 / 2015-01-07 81 | ================== 82 | 83 | * deps: debug@~2.1.1 84 | * deps: finalhandler@0.3.3 85 | - deps: debug@~2.1.1 86 | - deps: on-finished@~2.2.0 87 | 88 | 3.3.3 / 2014-11-09 89 | ================== 90 | 91 | * Correctly invoke async callback asynchronously 92 | 93 | 3.3.2 / 2014-10-28 94 | ================== 95 | 96 | * Fix handling of URLs containing `://` in the path 97 | 98 | 3.3.1 / 2014-10-22 99 | ================== 100 | 101 | * deps: finalhandler@0.3.2 102 | - deps: on-finished@~2.1.1 103 | 104 | 3.3.0 / 2014-10-17 105 | ================== 106 | 107 | * deps: debug@~2.1.0 108 | - Implement `DEBUG_FD` env variable support 109 | * deps: finalhandler@0.3.1 110 | - Terminate in progress response only on error 111 | - Use `on-finished` to determine request status 112 | - deps: debug@~2.1.0 113 | 114 | 3.2.0 / 2014-09-08 115 | ================== 116 | 117 | * deps: debug@~2.0.0 118 | * deps: finalhandler@0.2.0 119 | - Set `X-Content-Type-Options: nosniff` header 120 | - deps: debug@~2.0.0 121 | 122 | 3.1.1 / 2014-08-10 123 | ================== 124 | 125 | * deps: parseurl@~1.3.0 126 | 127 | 3.1.0 / 2014-07-22 128 | ================== 129 | 130 | * deps: debug@1.0.4 131 | * deps: finalhandler@0.1.0 132 | - Respond after request fully read 133 | - deps: debug@1.0.4 134 | * deps: parseurl@~1.2.0 135 | - Cache URLs based on original value 136 | - Remove no-longer-needed URL mis-parse work-around 137 | - Simplify the "fast-path" `RegExp` 138 | * perf: reduce executed logic in routing 139 | * perf: refactor location of `try` block 140 | 141 | 3.0.2 / 2014-07-10 142 | ================== 143 | 144 | * deps: debug@1.0.3 145 | - Add support for multiple wildcards in namespaces 146 | * deps: parseurl@~1.1.3 147 | - faster parsing of href-only URLs 148 | 149 | 3.0.1 / 2014-06-19 150 | ================== 151 | 152 | * use `finalhandler` for final response handling 153 | * deps: debug@1.0.2 154 | 155 | 3.0.0 / 2014-05-29 156 | ================== 157 | 158 | * No changes 159 | 160 | 3.0.0-rc.2 / 2014-05-04 161 | ======================= 162 | 163 | * Call error stack even when response has been sent 164 | * Prevent default 404 handler after response sent 165 | * dep: debug@0.8.1 166 | * encode stack in HTML for default error handler 167 | * remove `proto` export 168 | 169 | 3.0.0-rc.1 / 2014-03-06 170 | ======================= 171 | 172 | * move middleware to separate repos 173 | * remove docs 174 | * remove node patches 175 | * remove connect(middleware...) 176 | * remove the old `connect.createServer()` method 177 | * remove various private `connect.utils` functions 178 | * drop node.js 0.8 support 179 | 180 | 2.30.2 / 2015-07-31 181 | =================== 182 | 183 | * deps: body-parser@~1.13.3 184 | - deps: type-is@~1.6.6 185 | * deps: compression@~1.5.2 186 | - deps: accepts@~1.2.12 187 | - deps: compressible@~2.0.5 188 | - deps: vary@~1.0.1 189 | * deps: errorhandler@~1.4.2 190 | - deps: accepts@~1.2.12 191 | * deps: method-override@~2.3.5 192 | - deps: vary@~1.0.1 193 | - perf: enable strict mode 194 | * deps: serve-index@~1.7.2 195 | - deps: accepts@~1.2.12 196 | - deps: mime-types@~2.1.4 197 | * deps: type-is@~1.6.6 198 | - deps: mime-types@~2.1.4 199 | * deps: vhost@~3.0.1 200 | - perf: enable strict mode 201 | 202 | 2.30.1 / 2015-07-05 203 | =================== 204 | 205 | * deps: body-parser@~1.13.2 206 | - deps: iconv-lite@0.4.11 207 | - deps: qs@4.0.0 208 | - deps: raw-body@~2.1.2 209 | - deps: type-is@~1.6.4 210 | * deps: compression@~1.5.1 211 | - deps: accepts@~1.2.10 212 | - deps: compressible@~2.0.4 213 | * deps: errorhandler@~1.4.1 214 | - deps: accepts@~1.2.10 215 | * deps: qs@4.0.0 216 | - Fix dropping parameters like `hasOwnProperty` 217 | - Fix various parsing edge cases 218 | * deps: morgan@~1.6.1 219 | - deps: basic-auth@~1.0.3 220 | * deps: pause@0.1.0 221 | - Re-emit events with all original arguments 222 | - Refactor internals 223 | - perf: enable strict mode 224 | * deps: serve-index@~1.7.1 225 | - deps: accepts@~1.2.10 226 | - deps: mime-types@~2.1.2 227 | * deps: type-is@~1.6.4 228 | - deps: mime-types@~2.1.2 229 | - perf: enable strict mode 230 | - perf: remove argument reassignment 231 | 232 | 2.30.0 / 2015-06-18 233 | =================== 234 | 235 | * deps: body-parser@~1.13.1 236 | - Add `statusCode` property on `Error`s, in addition to `status` 237 | - Change `type` default to `application/json` for JSON parser 238 | - Change `type` default to `application/x-www-form-urlencoded` for urlencoded parser 239 | - Provide static `require` analysis 240 | - Use the `http-errors` module to generate errors 241 | - deps: bytes@2.1.0 242 | - deps: iconv-lite@0.4.10 243 | - deps: on-finished@~2.3.0 244 | - deps: raw-body@~2.1.1 245 | - deps: type-is@~1.6.3 246 | - perf: enable strict mode 247 | - perf: remove argument reassignment 248 | - perf: remove delete call 249 | * deps: bytes@2.1.0 250 | - Slight optimizations 251 | - Units no longer case sensitive when parsing 252 | * deps: compression@~1.5.0 253 | - Fix return value from `.end` and `.write` after end 254 | - Improve detection of zero-length body without `Content-Length` 255 | - deps: accepts@~1.2.9 256 | - deps: bytes@2.1.0 257 | - deps: compressible@~2.0.3 258 | - perf: enable strict mode 259 | - perf: remove flush reassignment 260 | - perf: simplify threshold detection 261 | * deps: cookie@0.1.3 262 | - Slight optimizations 263 | * deps: cookie-parser@~1.3.5 264 | - deps: cookie@0.1.3 265 | * deps: csurf@~1.8.3 266 | - Add `sessionKey` option 267 | - deps: cookie@0.1.3 268 | - deps: csrf@~3.0.0 269 | * deps: errorhandler@~1.4.0 270 | - Add charset to the `Content-Type` header 271 | - Support `statusCode` property on `Error` objects 272 | - deps: accepts@~1.2.9 273 | - deps: escape-html@1.0.2 274 | * deps: express-session@~1.11.3 275 | - Support an array in `secret` option for key rotation 276 | - deps: cookie@0.1.3 277 | - deps: crc@3.3.0 278 | - deps: debug@~2.2.0 279 | - deps: depd@~1.0.1 280 | - deps: uid-safe@~2.0.0 281 | * deps: finalhandler@0.4.0 282 | - Fix a false-positive when unpiping in Node.js 0.8 283 | - Support `statusCode` property on `Error` objects 284 | - Use `unpipe` module for unpiping requests 285 | - deps: escape-html@1.0.2 286 | - deps: on-finished@~2.3.0 287 | - perf: enable strict mode 288 | - perf: remove argument reassignment 289 | * deps: fresh@0.3.0 290 | - Add weak `ETag` matching support 291 | * deps: morgan@~1.6.0 292 | - Add `morgan.compile(format)` export 293 | - Do not color 1xx status codes in `dev` format 294 | - Fix `response-time` token to not include response latency 295 | - Fix `status` token incorrectly displaying before response in `dev` format 296 | - Fix token return values to be `undefined` or a string 297 | - Improve representation of multiple headers in `req` and `res` tokens 298 | - Use `res.getHeader` in `res` token 299 | - deps: basic-auth@~1.0.2 300 | - deps: on-finished@~2.3.0 301 | - pref: enable strict mode 302 | - pref: reduce function closure scopes 303 | - pref: remove dynamic compile on every request for `dev` format 304 | - pref: remove an argument reassignment 305 | - pref: skip function call without `skip` option 306 | * deps: serve-favicon@~2.3.0 307 | - Send non-chunked response for `OPTIONS` 308 | - deps: etag@~1.7.0 309 | - deps: fresh@0.3.0 310 | - perf: enable strict mode 311 | - perf: remove argument reassignment 312 | - perf: remove bitwise operations 313 | * deps: serve-index@~1.7.0 314 | - Accept `function` value for `template` option 315 | - Send non-chunked response for `OPTIONS` 316 | - Stat parent directory when necessary 317 | - Use `Date.prototype.toLocaleDateString` to format date 318 | - deps: accepts@~1.2.9 319 | - deps: escape-html@1.0.2 320 | - deps: mime-types@~2.1.1 321 | - perf: enable strict mode 322 | - perf: remove argument reassignment 323 | * deps: serve-static@~1.10.0 324 | - Add `fallthrough` option 325 | - Fix reading options from options prototype 326 | - Improve the default redirect response headers 327 | - Malformed URLs now `next()` instead of 400 328 | - deps: escape-html@1.0.2 329 | - deps: send@0.13.0 330 | - perf: enable strict mode 331 | - perf: remove argument reassignment 332 | * deps: type-is@~1.6.3 333 | - deps: mime-types@~2.1.1 334 | - perf: reduce try block size 335 | - perf: remove bitwise operations 336 | 337 | 2.29.2 / 2015-05-14 338 | =================== 339 | 340 | * deps: body-parser@~1.12.4 341 | - Slight efficiency improvement when not debugging 342 | - deps: debug@~2.2.0 343 | - deps: depd@~1.0.1 344 | - deps: iconv-lite@0.4.8 345 | - deps: on-finished@~2.2.1 346 | - deps: qs@2.4.2 347 | - deps: raw-body@~2.0.1 348 | - deps: type-is@~1.6.2 349 | * deps: compression@~1.4.4 350 | - deps: accepts@~1.2.7 351 | - deps: debug@~2.2.0 352 | * deps: connect-timeout@~1.6.2 353 | - deps: debug@~2.2.0 354 | - deps: ms@0.7.1 355 | * deps: debug@~2.2.0 356 | - deps: ms@0.7.1 357 | * deps: depd@~1.0.1 358 | * deps: errorhandler@~1.3.6 359 | - deps: accepts@~1.2.7 360 | * deps: finalhandler@0.3.6 361 | - deps: debug@~2.2.0 362 | - deps: on-finished@~2.2.1 363 | * deps: method-override@~2.3.3 364 | - deps: debug@~2.2.0 365 | * deps: morgan@~1.5.3 366 | - deps: basic-auth@~1.0.1 367 | - deps: debug@~2.2.0 368 | - deps: depd@~1.0.1 369 | - deps: on-finished@~2.2.1 370 | * deps: qs@2.4.2 371 | - Fix allowing parameters like `constructor` 372 | * deps: response-time@~2.3.1 373 | - deps: depd@~1.0.1 374 | * deps: serve-favicon@~2.2.1 375 | - deps: etag@~1.6.0 376 | - deps: ms@0.7.1 377 | * deps: serve-index@~1.6.4 378 | - deps: accepts@~1.2.7 379 | - deps: debug@~2.2.0 380 | - deps: mime-types@~2.0.11 381 | * deps: serve-static@~1.9.3 382 | - deps: send@0.12.3 383 | * deps: type-is@~1.6.2 384 | - deps: mime-types@~2.0.11 385 | 386 | 2.29.1 / 2015-03-16 387 | =================== 388 | 389 | * deps: body-parser@~1.12.2 390 | - deps: debug@~2.1.3 391 | - deps: qs@2.4.1 392 | - deps: type-is@~1.6.1 393 | * deps: compression@~1.4.3 394 | - Fix error when code calls `res.end(str, encoding)` 395 | - deps: accepts@~1.2.5 396 | - deps: debug@~2.1.3 397 | * deps: connect-timeout@~1.6.1 398 | - deps: debug@~2.1.3 399 | * deps: debug@~2.1.3 400 | - Fix high intensity foreground color for bold 401 | - deps: ms@0.7.0 402 | * deps: errorhandler@~1.3.5 403 | - deps: accepts@~1.2.5 404 | * deps: express-session@~1.10.4 405 | - deps: debug@~2.1.3 406 | * deps: finalhandler@0.3.4 407 | - deps: debug@~2.1.3 408 | * deps: method-override@~2.3.2 409 | - deps: debug@~2.1.3 410 | * deps: morgan@~1.5.2 411 | - deps: debug@~2.1.3 412 | * deps: qs@2.4.1 413 | - Fix error when parameter `hasOwnProperty` is present 414 | * deps: serve-index@~1.6.3 415 | - Properly escape file names in HTML 416 | - deps: accepts@~1.2.5 417 | - deps: debug@~2.1.3 418 | - deps: escape-html@1.0.1 419 | - deps: mime-types@~2.0.10 420 | * deps: serve-static@~1.9.2 421 | - deps: send@0.12.2 422 | * deps: type-is@~1.6.1 423 | - deps: mime-types@~2.0.10 424 | 425 | 2.29.0 / 2015-02-17 426 | =================== 427 | 428 | * Use `content-type` to parse `Content-Type` headers 429 | * deps: body-parser@~1.12.0 430 | - add `debug` messages 431 | - accept a function for the `type` option 432 | - make internal `extended: true` depth limit infinity 433 | - use `content-type` to parse `Content-Type` headers 434 | - deps: iconv-lite@0.4.7 435 | - deps: raw-body@1.3.3 436 | - deps: type-is@~1.6.0 437 | * deps: compression@~1.4.1 438 | - Prefer `gzip` over `deflate` on the server 439 | - deps: accepts@~1.2.4 440 | * deps: connect-timeout@~1.6.0 441 | - deps: http-errors@~1.3.1 442 | * deps: cookie-parser@~1.3.4 443 | - deps: cookie-signature@1.0.6 444 | * deps: cookie-signature@1.0.6 445 | * deps: csurf@~1.7.0 446 | - Accept `CSRF-Token` and `XSRF-Token` request headers 447 | - Default `cookie.path` to `'/'`, if using cookies 448 | - deps: cookie-signature@1.0.6 449 | - deps: csrf@~2.0.6 450 | - deps: http-errors@~1.3.1 451 | * deps: errorhandler@~1.3.4 452 | - deps: accepts@~1.2.4 453 | * deps: express-session@~1.10.3 454 | - deps: cookie-signature@1.0.6 455 | - deps: uid-safe@1.1.0 456 | * deps: http-errors@~1.3.1 457 | - Construct errors using defined constructors from `createError` 458 | - Fix error names that are not identifiers 459 | - Set a meaningful `name` property on constructed errors 460 | * deps: response-time@~2.3.0 461 | - Add function argument to support recording of response time 462 | * deps: serve-index@~1.6.2 463 | - deps: accepts@~1.2.4 464 | - deps: http-errors@~1.3.1 465 | - deps: mime-types@~2.0.9 466 | * deps: serve-static@~1.9.1 467 | - deps: send@0.12.1 468 | * deps: type-is@~1.6.0 469 | - fix argument reassignment 470 | - fix false-positives in `hasBody` `Transfer-Encoding` check 471 | - support wildcard for both type and subtype (`*/*`) 472 | - deps: mime-types@~2.0.9 473 | 474 | 2.28.3 / 2015-01-31 475 | =================== 476 | 477 | * deps: compression@~1.3.1 478 | - deps: accepts@~1.2.3 479 | - deps: compressible@~2.0.2 480 | * deps: csurf@~1.6.6 481 | - deps: csrf@~2.0.5 482 | * deps: errorhandler@~1.3.3 483 | - deps: accepts@~1.2.3 484 | * deps: express-session@~1.10.2 485 | - deps: uid-safe@1.0.3 486 | * deps: serve-index@~1.6.1 487 | - deps: accepts@~1.2.3 488 | - deps: mime-types@~2.0.8 489 | * deps: type-is@~1.5.6 490 | - deps: mime-types@~2.0.8 491 | 492 | 2.28.2 / 2015-01-20 493 | =================== 494 | 495 | * deps: body-parser@~1.10.2 496 | - deps: iconv-lite@0.4.6 497 | - deps: raw-body@1.3.2 498 | * deps: serve-static@~1.8.1 499 | - Fix redirect loop in Node.js 0.11.14 500 | - Fix root path disclosure 501 | - deps: send@0.11.1 502 | 503 | 2.28.1 / 2015-01-08 504 | =================== 505 | 506 | * deps: csurf@~1.6.5 507 | - deps: csrf@~2.0.4 508 | * deps: express-session@~1.10.1 509 | - deps: uid-safe@~1.0.2 510 | 511 | 2.28.0 / 2015-01-05 512 | =================== 513 | 514 | * deps: body-parser@~1.10.1 515 | - Make internal `extended: true` array limit dynamic 516 | - deps: on-finished@~2.2.0 517 | - deps: type-is@~1.5.5 518 | * deps: compression@~1.3.0 519 | - Export the default `filter` function for wrapping 520 | - deps: accepts@~1.2.2 521 | - deps: debug@~2.1.1 522 | * deps: connect-timeout@~1.5.0 523 | - deps: debug@~2.1.1 524 | - deps: http-errors@~1.2.8 525 | - deps: ms@0.7.0 526 | * deps: csurf@~1.6.4 527 | - deps: csrf@~2.0.3 528 | - deps: http-errors@~1.2.8 529 | * deps: debug@~2.1.1 530 | * deps: errorhandler@~1.3.2 531 | - Add `log` option 532 | - Fix heading content to not include stack 533 | - deps: accepts@~1.2.2 534 | * deps: express-session@~1.10.0 535 | - Add `store.touch` interface for session stores 536 | - Fix `MemoryStore` expiration with `resave: false` 537 | - deps: debug@~2.1.1 538 | * deps: finalhandler@0.3.3 539 | - deps: debug@~2.1.1 540 | - deps: on-finished@~2.2.0 541 | * deps: method-override@~2.3.1 542 | - deps: debug@~2.1.1 543 | - deps: methods@~1.1.1 544 | * deps: morgan@~1.5.1 545 | - Add multiple date formats `clf`, `iso`, and `web` 546 | - Deprecate `buffer` option 547 | - Fix date format in `common` and `combined` formats 548 | - Fix token arguments to accept values with `"` 549 | - deps: debug@~2.1.1 550 | - deps: on-finished@~2.2.0 551 | * deps: serve-favicon@~2.2.0 552 | - Support query string in the URL 553 | - deps: etag@~1.5.1 554 | - deps: ms@0.7.0 555 | * deps: serve-index@~1.6.0 556 | - Add link to root directory 557 | - deps: accepts@~1.2.2 558 | - deps: batch@0.5.2 559 | - deps: debug@~2.1.1 560 | - deps: mime-types@~2.0.7 561 | * deps: serve-static@~1.8.0 562 | - Fix potential open redirect when mounted at root 563 | - deps: send@0.11.0 564 | * deps: type-is@~1.5.5 565 | - deps: mime-types@~2.0.7 566 | 567 | 2.27.6 / 2014-12-10 568 | =================== 569 | 570 | * deps: serve-index@~1.5.3 571 | - deps: accepts@~1.1.4 572 | - deps: http-errors@~1.2.8 573 | - deps: mime-types@~2.0.4 574 | 575 | 2.27.5 / 2014-12-10 576 | =================== 577 | 578 | * deps: compression@~1.2.2 579 | - Fix `.end` to only proxy to `.end` 580 | - deps: accepts@~1.1.4 581 | * deps: express-session@~1.9.3 582 | - Fix error when `req.sessionID` contains a non-string value 583 | * deps: http-errors@~1.2.8 584 | - Fix stack trace from exported function 585 | - Remove `arguments.callee` usage 586 | * deps: serve-index@~1.5.2 587 | - Fix icon name background alignment on mobile view 588 | * deps: type-is@~1.5.4 589 | - deps: mime-types@~2.0.4 590 | 591 | 2.27.4 / 2014-11-23 592 | =================== 593 | 594 | * deps: body-parser@~1.9.3 595 | - deps: iconv-lite@0.4.5 596 | - deps: qs@2.3.3 597 | - deps: raw-body@1.3.1 598 | - deps: type-is@~1.5.3 599 | * deps: compression@~1.2.1 600 | - deps: accepts@~1.1.3 601 | * deps: errorhandler@~1.2.3 602 | - deps: accepts@~1.1.3 603 | * deps: express-session@~1.9.2 604 | - deps: crc@3.2.1 605 | * deps: qs@2.3.3 606 | - Fix `arrayLimit` behavior 607 | * deps: serve-favicon@~2.1.7 608 | - Avoid errors from enumerables on `Object.prototype` 609 | * deps: serve-index@~1.5.1 610 | - deps: accepts@~1.1.3 611 | - deps: mime-types@~2.0.3 612 | * deps: type-is@~1.5.3 613 | - deps: mime-types@~2.0.3 614 | 615 | 2.27.3 / 2014-11-09 616 | =================== 617 | 618 | * Correctly invoke async callback asynchronously 619 | * deps: csurf@~1.6.3 620 | - bump csrf 621 | - bump http-errors 622 | 623 | 2.27.2 / 2014-10-28 624 | =================== 625 | 626 | * Fix handling of URLs containing `://` in the path 627 | * deps: body-parser@~1.9.2 628 | - deps: qs@2.3.2 629 | * deps: qs@2.3.2 630 | - Fix parsing of mixed objects and values 631 | 632 | 2.27.1 / 2014-10-22 633 | =================== 634 | 635 | * deps: body-parser@~1.9.1 636 | - deps: on-finished@~2.1.1 637 | - deps: qs@2.3.0 638 | - deps: type-is@~1.5.2 639 | * deps: express-session@~1.9.1 640 | - Remove unnecessary empty write call 641 | * deps: finalhandler@0.3.2 642 | - deps: on-finished@~2.1.1 643 | * deps: morgan@~1.4.1 644 | - deps: on-finished@~2.1.1 645 | * deps: qs@2.3.0 646 | - Fix parsing of mixed implicit and explicit arrays 647 | * deps: serve-static@~1.7.1 648 | - deps: send@0.10.1 649 | 650 | 2.27.0 / 2014-10-16 651 | =================== 652 | 653 | * Use `http-errors` module for creating errors 654 | * Use `utils-merge` module for merging objects 655 | * deps: body-parser@~1.9.0 656 | - include the charset in "unsupported charset" error message 657 | - include the encoding in "unsupported content encoding" error message 658 | - deps: depd@~1.0.0 659 | * deps: compression@~1.2.0 660 | - deps: debug@~2.1.0 661 | * deps: connect-timeout@~1.4.0 662 | - Create errors with `http-errors` 663 | - deps: debug@~2.1.0 664 | * deps: debug@~2.1.0 665 | - Implement `DEBUG_FD` env variable support 666 | * deps: depd@~1.0.0 667 | * deps: express-session@~1.9.0 668 | - deps: debug@~2.1.0 669 | - deps: depd@~1.0.0 670 | * deps: finalhandler@0.3.1 671 | - Terminate in progress response only on error 672 | - Use `on-finished` to determine request status 673 | - deps: debug@~2.1.0 674 | * deps: method-override@~2.3.0 675 | - deps: debug@~2.1.0 676 | * deps: morgan@~1.4.0 677 | - Add `debug` messages 678 | - deps: depd@~1.0.0 679 | * deps: response-time@~2.2.0 680 | - Add `header` option for custom header name 681 | - Add `suffix` option 682 | - Change `digits` argument to an `options` argument 683 | - deps: depd@~1.0.0 684 | * deps: serve-favicon@~2.1.6 685 | - deps: etag@~1.5.0 686 | * deps: serve-index@~1.5.0 687 | - Add `dir` argument to `filter` function 688 | - Add icon for mkv files 689 | - Create errors with `http-errors` 690 | - Fix incorrect 403 on Windows and Node.js 0.11 691 | - Lookup icon by mime type for greater icon support 692 | - Support using tokens multiple times 693 | - deps: accepts@~1.1.2 694 | - deps: debug@~2.1.0 695 | - deps: mime-types@~2.0.2 696 | * deps: serve-static@~1.7.0 697 | - deps: send@0.10.0 698 | 699 | 2.26.6 / 2014-10-15 700 | =================== 701 | 702 | * deps: compression@~1.1.2 703 | - deps: accepts@~1.1.2 704 | - deps: compressible@~2.0.1 705 | * deps: csurf@~1.6.2 706 | - bump http-errors 707 | - fix cookie name when using `cookie: true` 708 | * deps: errorhandler@~1.2.2 709 | - deps: accepts@~1.1.2 710 | 711 | 2.26.5 / 2014-10-08 712 | =================== 713 | 714 | * Fix accepting non-object arguments to `logger` 715 | * deps: serve-static@~1.6.4 716 | - Fix redirect loop when index file serving disabled 717 | 718 | 2.26.4 / 2014-10-02 719 | =================== 720 | 721 | * deps: morgan@~1.3.2 722 | - Fix `req.ip` integration when `immediate: false` 723 | * deps: type-is@~1.5.2 724 | - deps: mime-types@~2.0.2 725 | 726 | 2.26.3 / 2014-09-24 727 | =================== 728 | 729 | * deps: body-parser@~1.8.4 730 | - fix content encoding to be case-insensitive 731 | * deps: serve-favicon@~2.1.5 732 | - deps: etag@~1.4.0 733 | * deps: serve-static@~1.6.3 734 | - deps: send@0.9.3 735 | 736 | 2.26.2 / 2014-09-19 737 | =================== 738 | 739 | * deps: body-parser@~1.8.3 740 | - deps: qs@2.2.4 741 | * deps: qs@2.2.4 742 | - Fix issue with object keys starting with numbers truncated 743 | 744 | 2.26.1 / 2014-09-15 745 | =================== 746 | 747 | * deps: body-parser@~1.8.2 748 | - deps: depd@0.4.5 749 | * deps: depd@0.4.5 750 | * deps: express-session@~1.8.2 751 | - Use `crc` instead of `buffer-crc32` for speed 752 | - deps: depd@0.4.5 753 | * deps: morgan@~1.3.1 754 | - Remove un-used `bytes` dependency 755 | - deps: depd@0.4.5 756 | * deps: serve-favicon@~2.1.4 757 | - Fix content headers being sent in 304 response 758 | - deps: etag@~1.3.1 759 | * deps: serve-static@~1.6.2 760 | - deps: send@0.9.2 761 | 762 | 2.26.0 / 2014-09-08 763 | =================== 764 | 765 | * deps: body-parser@~1.8.1 766 | - add `parameterLimit` option to `urlencoded` parser 767 | - change `urlencoded` extended array limit to 100 768 | - make empty-body-handling consistent between chunked requests 769 | - respond with 415 when over `parameterLimit` in `urlencoded` 770 | - deps: media-typer@0.3.0 771 | - deps: qs@2.2.3 772 | - deps: type-is@~1.5.1 773 | * deps: compression@~1.1.0 774 | - deps: accepts@~1.1.0 775 | - deps: compressible@~2.0.0 776 | - deps: debug@~2.0.0 777 | * deps: connect-timeout@~1.3.0 778 | - deps: debug@~2.0.0 779 | * deps: cookie-parser@~1.3.3 780 | - deps: cookie-signature@1.0.5 781 | * deps: cookie-signature@1.0.5 782 | * deps: csurf@~1.6.1 783 | - add `ignoreMethods` option 784 | - bump cookie-signature 785 | - csrf-tokens -> csrf 786 | - set `code` property on CSRF token errors 787 | * deps: debug@~2.0.0 788 | * deps: errorhandler@~1.2.0 789 | - Display error using `util.inspect` if no other representation 790 | - deps: accepts@~1.1.0 791 | * deps: express-session@~1.8.1 792 | - Do not resave already-saved session at end of request 793 | - Prevent session prototype methods from being overwritten 794 | - deps: cookie-signature@1.0.5 795 | - deps: debug@~2.0.0 796 | * deps: finalhandler@0.2.0 797 | - Set `X-Content-Type-Options: nosniff` header 798 | - deps: debug@~2.0.0 799 | * deps: fresh@0.2.4 800 | * deps: media-typer@0.3.0 801 | - Throw error when parameter format invalid on parse 802 | * deps: method-override@~2.2.0 803 | - deps: debug@~2.0.0 804 | * deps: morgan@~1.3.0 805 | - Assert if `format` is not a function or string 806 | * deps: qs@2.2.3 807 | - Fix issue where first empty value in array is discarded 808 | * deps: serve-favicon@~2.1.3 809 | - Accept string for `maxAge` (converted by `ms`) 810 | - Use `etag` to generate `ETag` header 811 | - deps: fresh@0.2.4 812 | * deps: serve-index@~1.2.1 813 | - Add `debug` messages 814 | - Resolve relative paths at middleware setup 815 | - deps: accepts@~1.1.0 816 | * deps: serve-static@~1.6.1 817 | - Add `lastModified` option 818 | - deps: send@0.9.1 819 | * deps: type-is@~1.5.1 820 | - fix `hasbody` to be true for `content-length: 0` 821 | - deps: media-typer@0.3.0 822 | - deps: mime-types@~2.0.1 823 | * deps: vhost@~3.0.0 824 | 825 | 2.25.10 / 2014-09-04 826 | ==================== 827 | 828 | * deps: serve-static@~1.5.4 829 | - deps: send@0.8.5 830 | 831 | 2.25.9 / 2014-08-29 832 | =================== 833 | 834 | * deps: body-parser@~1.6.7 835 | - deps: qs@2.2.2 836 | * deps: qs@2.2.2 837 | 838 | 2.25.8 / 2014-08-27 839 | =================== 840 | 841 | * deps: body-parser@~1.6.6 842 | - deps: qs@2.2.0 843 | * deps: csurf@~1.4.1 844 | * deps: qs@2.2.0 845 | - Array parsing fix 846 | - Performance improvements 847 | 848 | 2.25.7 / 2014-08-18 849 | =================== 850 | 851 | * deps: body-parser@~1.6.5 852 | - deps: on-finished@2.1.0 853 | * deps: express-session@~1.7.6 854 | - Fix exception on `res.end(null)` calls 855 | * deps: morgan@~1.2.3 856 | - deps: on-finished@2.1.0 857 | * deps: serve-static@~1.5.3 858 | - deps: send@0.8.3 859 | 860 | 2.25.6 / 2014-08-14 861 | =================== 862 | 863 | * deps: body-parser@~1.6.4 864 | - deps: qs@1.2.2 865 | * deps: qs@1.2.2 866 | * deps: serve-static@~1.5.2 867 | - deps: send@0.8.2 868 | 869 | 2.25.5 / 2014-08-11 870 | =================== 871 | 872 | * Fix backwards compatibility in `logger` 873 | 874 | 2.25.4 / 2014-08-10 875 | =================== 876 | 877 | * Fix `query` middleware breaking with argument 878 | - It never really took one in the first place 879 | * deps: body-parser@~1.6.3 880 | - deps: qs@1.2.1 881 | * deps: compression@~1.0.11 882 | - deps: on-headers@~1.0.0 883 | - deps: parseurl@~1.3.0 884 | * deps: connect-timeout@~1.2.2 885 | - deps: on-headers@~1.0.0 886 | * deps: express-session@~1.7.5 887 | - Fix parsing original URL 888 | - deps: on-headers@~1.0.0 889 | - deps: parseurl@~1.3.0 890 | * deps: method-override@~2.1.3 891 | * deps: on-headers@~1.0.0 892 | * deps: parseurl@~1.3.0 893 | * deps: qs@1.2.1 894 | * deps: response-time@~2.0.1 895 | - deps: on-headers@~1.0.0 896 | * deps: serve-index@~1.1.6 897 | - Fix URL parsing 898 | * deps: serve-static@~1.5.1 899 | - Fix parsing of weird `req.originalUrl` values 900 | - deps: parseurl@~1.3.0 901 | = deps: utils-merge@1.0.0 902 | 903 | 2.25.3 / 2014-08-07 904 | =================== 905 | 906 | * deps: multiparty@3.3.2 907 | - Fix potential double-callback 908 | 909 | 2.25.2 / 2014-08-07 910 | =================== 911 | 912 | * deps: body-parser@~1.6.2 913 | - deps: qs@1.2.0 914 | * deps: qs@1.2.0 915 | - Fix parsing array of objects 916 | 917 | 2.25.1 / 2014-08-06 918 | =================== 919 | 920 | * deps: body-parser@~1.6.1 921 | - deps: qs@1.1.0 922 | * deps: qs@1.1.0 923 | - Accept urlencoded square brackets 924 | - Accept empty values in implicit array notation 925 | 926 | 2.25.0 / 2014-08-05 927 | =================== 928 | 929 | * deps: body-parser@~1.6.0 930 | - deps: qs@1.0.2 931 | * deps: compression@~1.0.10 932 | - Fix upper-case Content-Type characters prevent compression 933 | - deps: compressible@~1.1.1 934 | * deps: csurf@~1.4.0 935 | - Support changing `req.session` after `csurf` middleware 936 | - Calling `res.csrfToken()` after `req.session.destroy()` will now work 937 | * deps: express-session@~1.7.4 938 | - Fix `res.end` patch to call correct upstream `res.write` 939 | - Fix response end delay for non-chunked responses 940 | * deps: qs@1.0.2 941 | - Complete rewrite 942 | - Limits array length to 20 943 | - Limits object depth to 5 944 | - Limits parameters to 1,000 945 | * deps: serve-static@~1.5.0 946 | - Add `extensions` option 947 | - deps: send@0.8.1 948 | 949 | 2.24.3 / 2014-08-04 950 | =================== 951 | 952 | * deps: serve-index@~1.1.5 953 | - Fix Content-Length calculation for multi-byte file names 954 | - deps: accepts@~1.0.7 955 | * deps: serve-static@~1.4.4 956 | - Fix incorrect 403 on Windows and Node.js 0.11 957 | - deps: send@0.7.4 958 | 959 | 2.24.2 / 2014-07-27 960 | =================== 961 | 962 | * deps: body-parser@~1.5.2 963 | * deps: depd@0.4.4 964 | - Work-around v8 generating empty stack traces 965 | * deps: express-session@~1.7.2 966 | * deps: morgan@~1.2.2 967 | * deps: serve-static@~1.4.2 968 | 969 | 2.24.1 / 2014-07-26 970 | =================== 971 | 972 | * deps: body-parser@~1.5.1 973 | * deps: depd@0.4.3 974 | - Fix exception when global `Error.stackTraceLimit` is too low 975 | * deps: express-session@~1.7.1 976 | * deps: morgan@~1.2.1 977 | * deps: serve-index@~1.1.4 978 | * deps: serve-static@~1.4.1 979 | 980 | 2.24.0 / 2014-07-22 981 | =================== 982 | 983 | * deps: body-parser@~1.5.0 984 | - deps: depd@0.4.2 985 | - deps: iconv-lite@0.4.4 986 | - deps: raw-body@1.3.0 987 | - deps: type-is@~1.3.2 988 | * deps: compression@~1.0.9 989 | - Add `debug` messages 990 | - deps: accepts@~1.0.7 991 | * deps: connect-timeout@~1.2.1 992 | - Accept string for `time` (converted by `ms`) 993 | - deps: debug@1.0.4 994 | * deps: debug@1.0.4 995 | * deps: depd@0.4.2 996 | - Add `TRACE_DEPRECATION` environment variable 997 | - Remove non-standard grey color from color output 998 | - Support `--no-deprecation` argument 999 | - Support `--trace-deprecation` argument 1000 | * deps: express-session@~1.7.0 1001 | - Improve session-ending error handling 1002 | - deps: debug@1.0.4 1003 | - deps: depd@0.4.2 1004 | * deps: finalhandler@0.1.0 1005 | - Respond after request fully read 1006 | - deps: debug@1.0.4 1007 | * deps: method-override@~2.1.2 1008 | - deps: debug@1.0.4 1009 | - deps: parseurl@~1.2.0 1010 | * deps: morgan@~1.2.0 1011 | - Add `:remote-user` token 1012 | - Add `combined` log format 1013 | - Add `common` log format 1014 | - Remove non-standard grey color from `dev` format 1015 | * deps: multiparty@3.3.1 1016 | * deps: parseurl@~1.2.0 1017 | - Cache URLs based on original value 1018 | - Remove no-longer-needed URL mis-parse work-around 1019 | - Simplify the "fast-path" `RegExp` 1020 | * deps: serve-static@~1.4.0 1021 | - Add `dotfiles` option 1022 | - deps: parseurl@~1.2.0 1023 | - deps: send@0.7.0 1024 | 1025 | 2.23.0 / 2014-07-10 1026 | =================== 1027 | 1028 | * deps: debug@1.0.3 1029 | - Add support for multiple wildcards in namespaces 1030 | * deps: express-session@~1.6.4 1031 | * deps: method-override@~2.1.0 1032 | - add simple debug output 1033 | - deps: methods@1.1.0 1034 | - deps: parseurl@~1.1.3 1035 | * deps: parseurl@~1.1.3 1036 | - faster parsing of href-only URLs 1037 | * deps: serve-static@~1.3.1 1038 | - deps: parseurl@~1.1.3 1039 | 1040 | 2.22.0 / 2014-07-03 1041 | =================== 1042 | 1043 | * deps: csurf@~1.3.0 1044 | - Fix `cookie.signed` option to actually sign cookie 1045 | * deps: express-session@~1.6.1 1046 | - Fix `res.end` patch to return correct value 1047 | - Fix `res.end` patch to handle multiple `res.end` calls 1048 | - Reject cookies with missing signatures 1049 | * deps: multiparty@3.3.0 1050 | - Always emit close after all parts ended 1051 | - Fix callback hang in node.js 0.8 on errors 1052 | * deps: serve-static@~1.3.0 1053 | - Accept string for `maxAge` (converted by `ms`) 1054 | - Add `setHeaders` option 1055 | - Include HTML link in redirect response 1056 | - deps: send@0.5.0 1057 | 1058 | 2.21.1 / 2014-06-26 1059 | =================== 1060 | 1061 | * deps: cookie-parser@1.3.2 1062 | - deps: cookie-signature@1.0.4 1063 | * deps: cookie-signature@1.0.4 1064 | - fix for timing attacks 1065 | * deps: express-session@~1.5.2 1066 | - deps: cookie-signature@1.0.4 1067 | * deps: type-is@~1.3.2 1068 | - more mime types 1069 | 1070 | 2.21.0 / 2014-06-20 1071 | =================== 1072 | 1073 | * deprecate `connect(middleware)` -- use `app.use(middleware)` instead 1074 | * deprecate `connect.createServer()` -- use `connect()` instead 1075 | * fix `res.setHeader()` patch to work with get -> append -> set pattern 1076 | * deps: compression@~1.0.8 1077 | * deps: errorhandler@~1.1.1 1078 | * deps: express-session@~1.5.0 1079 | - Deprecate integration with `cookie-parser` middleware 1080 | - Deprecate looking for secret in `req.secret` 1081 | - Directly read cookies; `cookie-parser` no longer required 1082 | - Directly set cookies; `res.cookie` no longer required 1083 | - Generate session IDs with `uid-safe`, faster and even less collisions 1084 | * deps: serve-index@~1.1.3 1085 | 1086 | 2.20.2 / 2014-06-19 1087 | =================== 1088 | 1089 | * deps: body-parser@1.4.3 1090 | - deps: type-is@1.3.1 1091 | 1092 | 2.20.1 / 2014-06-19 1093 | =================== 1094 | 1095 | * deps: type-is@1.3.1 1096 | - fix global variable leak 1097 | 1098 | 2.20.0 / 2014-06-19 1099 | =================== 1100 | 1101 | * deprecate `verify` option to `json` -- use `body-parser` npm module instead 1102 | * deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead 1103 | * deprecate things with `depd` module 1104 | * use `finalhandler` for final response handling 1105 | * use `media-typer` to parse `content-type` for charset 1106 | * deps: body-parser@1.4.2 1107 | - check accepted charset in content-type (accepts utf-8) 1108 | - check accepted encoding in content-encoding (accepts identity) 1109 | - deprecate `urlencoded()` without provided `extended` option 1110 | - lazy-load urlencoded parsers 1111 | - support gzip and deflate bodies 1112 | - set `inflate: false` to turn off 1113 | - deps: raw-body@1.2.2 1114 | - deps: type-is@1.3.0 1115 | - Support all encodings from `iconv-lite` 1116 | * deps: connect-timeout@1.1.1 1117 | - deps: debug@1.0.2 1118 | * deps: cookie-parser@1.3.1 1119 | - export parsing functions 1120 | - `req.cookies` and `req.signedCookies` are now plain objects 1121 | - slightly faster parsing of many cookies 1122 | * deps: csurf@1.2.2 1123 | * deps: errorhandler@1.1.0 1124 | - Display error on console formatted like `throw` 1125 | - Escape HTML in stack trace 1126 | - Escape HTML in title 1127 | - Fix up edge cases with error sent in response 1128 | - Set `X-Content-Type-Options: nosniff` header 1129 | - Use accepts for negotiation 1130 | * deps: express-session@1.4.0 1131 | - Add `genid` option to generate custom session IDs 1132 | - Add `saveUninitialized` option to control saving uninitialized sessions 1133 | - Add `unset` option to control unsetting `req.session` 1134 | - Generate session IDs with `rand-token` by default; reduce collisions 1135 | - Integrate with express "trust proxy" by default 1136 | - deps: buffer-crc32@0.2.3 1137 | - deps: debug@1.0.2 1138 | * deps: multiparty@3.2.9 1139 | * deps: serve-index@1.1.2 1140 | - deps: batch@0.5.1 1141 | * deps: type-is@1.3.0 1142 | - improve type parsing 1143 | * deps: vhost@2.0.0 1144 | - Accept `RegExp` object for `hostname` 1145 | - Provide `req.vhost` object 1146 | - Support IPv6 literal in `Host` header 1147 | 1148 | 2.19.6 / 2014-06-11 1149 | =================== 1150 | 1151 | * deps: body-parser@1.3.1 1152 | - deps: type-is@1.2.1 1153 | * deps: compression@1.0.7 1154 | - use vary module for better `Vary` behavior 1155 | - deps: accepts@1.0.3 1156 | - deps: compressible@1.1.0 1157 | * deps: debug@1.0.2 1158 | * deps: serve-index@1.1.1 1159 | - deps: accepts@1.0.3 1160 | * deps: serve-static@1.2.3 1161 | - Do not throw un-catchable error on file open race condition 1162 | - deps: send@0.4.3 1163 | 1164 | 2.19.5 / 2014-06-09 1165 | =================== 1166 | 1167 | * deps: csurf@1.2.1 1168 | - refactor to use csrf-tokens@~1.0.2 1169 | * deps: debug@1.0.1 1170 | * deps: serve-static@1.2.2 1171 | - fix "event emitter leak" warnings 1172 | - deps: send@0.4.2 1173 | * deps: type-is@1.2.1 1174 | - Switch dependency from `mime` to `mime-types@1.0.0` 1175 | 1176 | 2.19.4 / 2014-06-05 1177 | =================== 1178 | 1179 | * deps: errorhandler@1.0.2 1180 | - Pass on errors from reading error files 1181 | * deps: method-override@2.0.2 1182 | - use vary module for better `Vary` behavior 1183 | * deps: serve-favicon@2.0.1 1184 | - Reduce byte size of `ETag` header 1185 | 1186 | 2.19.3 / 2014-06-03 1187 | =================== 1188 | 1189 | * deps: compression@1.0.6 1190 | - fix listeners for delayed stream creation 1191 | - fix regression for certain `stream.pipe(res)` situations 1192 | - fix regression when negotiation fails 1193 | 1194 | 2.19.2 / 2014-06-03 1195 | =================== 1196 | 1197 | * deps: compression@1.0.4 1198 | - fix adding `Vary` when value stored as array 1199 | - fix back-pressure behavior 1200 | - fix length check for `res.end` 1201 | 1202 | 2.19.1 / 2014-06-02 1203 | =================== 1204 | 1205 | * fix deprecated `utils.escape` 1206 | 1207 | 2.19.0 / 2014-06-02 1208 | =================== 1209 | 1210 | * deprecate `methodOverride()` -- use `method-override` npm module instead 1211 | * deps: body-parser@1.3.0 1212 | - add `extended` option to urlencoded parser 1213 | * deps: method-override@2.0.1 1214 | - set `Vary` header 1215 | - deps: methods@1.0.1 1216 | * deps: multiparty@3.2.8 1217 | * deps: response-time@2.0.0 1218 | - add `digits` argument 1219 | - do not override existing `X-Response-Time` header 1220 | - timer not subject to clock drift 1221 | - timer resolution down to nanoseconds 1222 | * deps: serve-static@1.2.1 1223 | - send max-age in Cache-Control in correct format 1224 | - use `escape-html` for escaping 1225 | - deps: send@0.4.1 1226 | 1227 | 2.18.0 / 2014-05-29 1228 | =================== 1229 | 1230 | * deps: compression@1.0.3 1231 | * deps: serve-index@1.1.0 1232 | - Fix content negotiation when no `Accept` header 1233 | - Properly support all HTTP methods 1234 | - Support vanilla node.js http servers 1235 | - Treat `ENAMETOOLONG` as code 414 1236 | - Use accepts for negotiation 1237 | * deps: serve-static@1.2.0 1238 | - Calculate ETag with md5 for reduced collisions 1239 | - Fix wrong behavior when index file matches directory 1240 | - Ignore stream errors after request ends 1241 | - Skip directories in index file search 1242 | - deps: send@0.4.0 1243 | 1244 | 2.17.3 / 2014-05-27 1245 | =================== 1246 | 1247 | * deps: express-session@1.2.1 1248 | - Fix `resave` such that `resave: true` works 1249 | 1250 | 2.17.2 / 2014-05-27 1251 | =================== 1252 | 1253 | * deps: body-parser@1.2.2 1254 | - invoke `next(err)` after request fully read 1255 | - deps: raw-body@1.1.6 1256 | * deps: method-override@1.0.2 1257 | - Handle `req.body` key referencing array or object 1258 | - Handle multiple HTTP headers 1259 | 1260 | 2.17.1 / 2014-05-21 1261 | =================== 1262 | 1263 | * fix `res.charset` appending charset when `content-type` has one 1264 | 1265 | 2.17.0 / 2014-05-20 1266 | =================== 1267 | 1268 | * deps: express-session@1.2.0 1269 | - Add `resave` option to control saving unmodified sessions 1270 | * deps: morgan@1.1.1 1271 | - "dev" format will use same tokens as other formats 1272 | - `:response-time` token is now empty when immediate used 1273 | - `:response-time` token is now monotonic 1274 | - `:response-time` token has precision to 1 μs 1275 | - fix `:status` + immediate output in node.js 0.8 1276 | - improve `buffer` option to prevent indefinite event loop holding 1277 | - simplify method to get remote address 1278 | - deps: bytes@1.0.0 1279 | * deps: serve-index@1.0.3 1280 | - Fix error from non-statable files in HTML view 1281 | 1282 | 2.16.2 / 2014-05-18 1283 | =================== 1284 | 1285 | * fix edge-case in `res.appendHeader` that would append in wrong order 1286 | * deps: method-override@1.0.1 1287 | 1288 | 2.16.1 / 2014-05-17 1289 | =================== 1290 | 1291 | * remove usages of `res.headerSent` from core 1292 | 1293 | 2.16.0 / 2014-05-17 1294 | =================== 1295 | 1296 | * deprecate `res.headerSent` -- use `res.headersSent` 1297 | * deprecate `res.on("header")` -- use on-headers module instead 1298 | * fix `connect.version` to reflect the actual version 1299 | * json: use body-parser 1300 | - add `type` option 1301 | - fix repeated limit parsing with every request 1302 | - improve parser speed 1303 | * urlencoded: use body-parser 1304 | - add `type` option 1305 | - fix repeated limit parsing with every request 1306 | * dep: bytes@1.0.0 1307 | * add negative support 1308 | * dep: cookie-parser@1.1.0 1309 | - deps: cookie@0.1.2 1310 | * dep: csurf@1.2.0 1311 | - add support for double-submit cookie 1312 | * dep: express-session@1.1.0 1313 | - Add `name` option; replacement for `key` option 1314 | - Use `setImmediate` in MemoryStore for node.js >= 0.10 1315 | 1316 | 2.15.0 / 2014-05-04 1317 | =================== 1318 | 1319 | * Add simple `res.cookie` support 1320 | * Add `res.appendHeader` 1321 | * Call error stack even when response has been sent 1322 | * Patch `res.headerSent` to return Boolean 1323 | * Patch `res.headersSent` for node.js 0.8 1324 | * Prevent default 404 handler after response sent 1325 | * dep: compression@1.0.2 1326 | * support headers given to `res.writeHead` 1327 | * deps: bytes@0.3.0 1328 | * deps: negotiator@0.4.3 1329 | * dep: connect-timeout@1.1.0 1330 | * Add `req.timedout` property 1331 | * Add `respond` option to constructor 1332 | * Clear timer on socket destroy 1333 | * deps: debug@0.8.1 1334 | * dep: debug@^0.8.0 1335 | * add `enable()` method 1336 | * change from stderr to stdout 1337 | * dep: errorhandler@1.0.1 1338 | * Clean up error CSS 1339 | * Do not respond after headers sent 1340 | * dep: express-session@1.0.4 1341 | * Remove import of `setImmediate` 1342 | * Use `res.cookie()` instead of `res.setHeader()` 1343 | * deps: cookie@0.1.2 1344 | * deps: debug@0.8.1 1345 | * dep: morgan@1.0.1 1346 | * Make buffer unique per morgan instance 1347 | * deps: bytes@0.3.0 1348 | * dep: serve-favicon@2.0.0 1349 | * Accept `Buffer` of icon as first argument 1350 | * Non-GET and HEAD requests are denied 1351 | * Send valid max-age value 1352 | * Support conditional requests 1353 | * Support max-age=0 1354 | * Support OPTIONS method 1355 | * Throw if `path` argument is directory 1356 | * dep: serve-index@1.0.2 1357 | * Add stylesheet option 1358 | * deps: negotiator@0.4.3 1359 | 1360 | 2.14.5 / 2014-04-24 1361 | =================== 1362 | 1363 | * dep: raw-body@1.1.4 1364 | * allow true as an option 1365 | * deps: bytes@0.3.0 1366 | * dep: serve-static@1.1.0 1367 | * Accept options directly to `send` module 1368 | * deps: send@0.3.0 1369 | 1370 | 2.14.4 / 2014-04-07 1371 | =================== 1372 | 1373 | * dep: bytes@0.3.0 1374 | * added terabyte support 1375 | * dep: csurf@1.1.0 1376 | * add constant-time string compare 1377 | * dep: serve-static@1.0.4 1378 | * Resolve relative paths at middleware setup 1379 | * Use parseurl to parse the URL from request 1380 | * fix node.js 0.8 compatibility with memory session 1381 | 1382 | 2.14.3 / 2014-03-18 1383 | =================== 1384 | 1385 | * dep: static-favicon@1.0.2 1386 | * Fixed content of default icon 1387 | 1388 | 2.14.2 / 2014-03-11 1389 | =================== 1390 | 1391 | * dep: static-favicon@1.0.1 1392 | * Fixed path to default icon 1393 | 1394 | 2.14.1 / 2014-03-06 1395 | =================== 1396 | 1397 | * dep: fresh@0.2.2 1398 | * no real changes 1399 | * dep: serve-index@1.0.1 1400 | * deps: negotiator@0.4.2 1401 | * dep: serve-static@1.0.2 1402 | * deps: send@0.2.0 1403 | 1404 | 2.14.0 / 2014-03-05 1405 | =================== 1406 | 1407 | * basicAuth: use basic-auth-connect 1408 | * cookieParser: use cookie-parser 1409 | * compress: use compression 1410 | * csrf: use csurf 1411 | * dep: cookie-signature@1.0.3 1412 | * directory: use serve-index 1413 | * errorHandler: use errorhandler 1414 | * favicon: use static-favicon 1415 | * logger: use morgan 1416 | * methodOverride: use method-override 1417 | * responseTime: use response-time 1418 | * session: use express-session 1419 | * static: use serve-static 1420 | * timeout: use connect-timeout 1421 | * vhost: use vhost 1422 | 1423 | 2.13.1 / 2014-03-05 1424 | =================== 1425 | 1426 | * cookieSession: compare full value rather than crc32 1427 | * deps: raw-body@1.1.3 1428 | 1429 | 2.13.0 / 2014-02-14 1430 | =================== 1431 | 1432 | * fix typo in memory store warning #974 @rvagg 1433 | * compress: use compressible 1434 | * directory: add template option #990 @gottaloveit @Earl-Brown 1435 | * csrf: prevent deprecated warning with old sessions 1436 | 1437 | 2.12.0 / 2013-12-10 1438 | =================== 1439 | 1440 | * bump qs 1441 | * directory: sort folders before files 1442 | * directory: add folder icons 1443 | * directory: de-duplicate icons, details/mobile views #968 @simov 1444 | * errorHandler: end default 404 handler with a newline #972 @rlidwka 1445 | * session: remove long cookie expire check #870 @undoZen 1446 | 1447 | 2.11.2 / 2013-12-01 1448 | =================== 1449 | 1450 | * bump raw-body 1451 | 1452 | 2.11.1 / 2013-11-27 1453 | =================== 1454 | 1455 | * bump raw-body 1456 | * errorHandler: use `res.setHeader()` instead of `res.writeHead()` #949 @lo1tuma 1457 | 1458 | 2.11.0 / 2013-10-29 1459 | =================== 1460 | 1461 | * update bytes 1462 | * update uid2 1463 | * update negotiator 1464 | * sessions: add rolling session option #944 @ilmeo 1465 | * sessions: property set cookies when given FQDN 1466 | * cookieSessions: properly set cookies when given FQDN #948 @bmancini55 1467 | * proto: fix FQDN mounting when multiple handlers #945 @bmancini55 1468 | 1469 | 2.10.1 / 2013-10-23 1470 | =================== 1471 | 1472 | * fixed; fixed a bug with static middleware at root and trailing slashes #942 (@dougwilson) 1473 | 1474 | 2.10.0 / 2013-10-22 1475 | =================== 1476 | 1477 | * fixed: set headers written by writeHead before emitting 'header' 1478 | * fixed: mounted path should ignore querystrings on FQDNs #940 (@dougwilson) 1479 | * fixed: parsing protocol-relative URLs with @ as pathnames #938 (@dougwilson) 1480 | * fixed: fix static directory redirect for mount's root #937 (@dougwilson) 1481 | * fixed: setting set-cookie header when mixing arrays and strings #893 (@anuj123) 1482 | * bodyParser: optional verify function for urlencoded and json parsers for signing request bodies 1483 | * compress: compress checks content-length to check threshold 1484 | * compress: expose `res.flush()` for flushing responses 1485 | * cookieParser: pass options into node-cookie #803 (@cauldrath) 1486 | * errorHandler: replace `\n`s with `
`s in error handler 1487 | 1488 | 2.9.2 / 2013-10-18 1489 | ================== 1490 | 1491 | * warn about multiparty and limit middleware deprecation for v3 1492 | * fix fully qualified domain name mounting. #920 (@dougwilson) 1493 | * directory: Fix potential security issue with serving files outside the root. #929 (@dougwilson) 1494 | * logger: store IP at beginning in case socket prematurely closes #930 (@dougwilson) 1495 | 1496 | 2.9.1 / 2013-10-15 1497 | ================== 1498 | 1499 | * update multiparty 1500 | * compress: Set vary header only if Content-Type passes filter #904 1501 | * directory: Fix directory middleware URI escaping #917 (@dougwilson) 1502 | * directory: Fix directory seperators for Windows #914 (@dougwilson) 1503 | * directory: Keep query string intact during directory redirect #913 (@dougwilson) 1504 | * directory: Fix paths in links #730 (@JacksonTian) 1505 | * errorHandler: Don't escape text/plain as HTML #875 (@johan) 1506 | * logger: Write '0' instead of '-' when response time is zero #910 (@dougwilson) 1507 | * logger: Log even when connections are aborted #760 (@dylanahsmith) 1508 | * methodOverride: Check req.body is an object #907 (@kbjr) 1509 | * multipart: Add .type back to file parts for backwards compatibility #912 (@dougwilson) 1510 | * multipart: Allow passing options to the Multiparty constructor #902 (@niftylettuce) 1511 | 1512 | 2.9.0 / 2013-09-07 1513 | ================== 1514 | 1515 | * multipart: add docs regarding tmpfiles 1516 | * multipart: add .name back to file parts 1517 | * multipart: use multiparty instead of formidable 1518 | 1519 | 2.8.8 / 2013-09-02 1520 | ================== 1521 | 1522 | * csrf: change to math.random() salt and remove csrfToken() callback 1523 | 1524 | 2.8.7 / 2013-08-28 1525 | ================== 1526 | 1527 | * csrf: prevent salt generation on every request, and add async req.csrfToken(fn) 1528 | 1529 | 2.8.6 / 2013-08-28 1530 | ================== 1531 | 1532 | * csrf: refactor to use HMAC tokens (BREACH attack) 1533 | * compress: add compression of SVG and common font files by default. 1534 | 1535 | 2.8.5 / 2013-08-11 1536 | ================== 1537 | 1538 | * add: compress Dart source files by default 1539 | * update fresh 1540 | 1541 | 2.8.4 / 2013-07-08 1542 | ================== 1543 | 1544 | * update send 1545 | 1546 | 2.8.3 / 2013-07-04 1547 | ================== 1548 | 1549 | * add a name back to static middleware ("staticMiddleware") 1550 | * fix .hasBody() utility to require transfer-encoding or content-length 1551 | 1552 | 2.8.2 / 2013-07-03 1553 | ================== 1554 | 1555 | * update send 1556 | * update cookie dep. 1557 | * add better debug() for middleware 1558 | * add whitelisting of supported methods to methodOverride() 1559 | 1560 | 2.8.1 / 2013-06-27 1561 | ================== 1562 | 1563 | * fix: escape req.method in 404 response 1564 | 1565 | 2.8.0 / 2013-06-26 1566 | ================== 1567 | 1568 | * add `threshold` option to `compress()` to prevent compression of small responses 1569 | * add support for vendor JSON mime types in json() 1570 | * add X-Forwarded-Proto initial https proxy support 1571 | * change static redirect to 303 1572 | * change octal escape sequences for strict mode 1573 | * change: replace utils.uid() with uid2 lib 1574 | * remove other "static" function name. Fixes #794 1575 | * fix: hasBody() should return false if Content-Length: 0 1576 | 1577 | 2.7.11 / 2013-06-02 1578 | ================== 1579 | 1580 | * update send 1581 | 1582 | 2.7.10 / 2013-05-21 1583 | ================== 1584 | 1585 | * update qs 1586 | * update formidable 1587 | * fix: write/end to noop() when request aborted 1588 | 1589 | 2.7.9 / 2013-05-07 1590 | ================== 1591 | 1592 | * update qs 1593 | * drop support for node < v0.8 1594 | 1595 | 2.7.8 / 2013-05-03 1596 | ================== 1597 | 1598 | * update qs 1599 | 1600 | 2.7.7 / 2013-04-29 1601 | ================== 1602 | 1603 | * update qs dependency 1604 | * remove "static" function name. Closes #794 1605 | * update node-formidable 1606 | * update buffer-crc32 1607 | 1608 | 2.7.6 / 2013-04-15 1609 | ================== 1610 | 1611 | * revert cookie signature which was creating session race conditions 1612 | 1613 | 2.7.5 / 2013-04-12 1614 | ================== 1615 | 1616 | * update cookie-signature 1617 | * limit: do not consume request in node 0.10.x 1618 | 1619 | 2.7.4 / 2013-04-01 1620 | ================== 1621 | 1622 | * session: add long expires check and prevent excess set-cookie 1623 | * session: add console.error() of session#save() errors 1624 | 1625 | 2.7.3 / 2013-02-19 1626 | ================== 1627 | 1628 | * add name to compress middleware 1629 | * add appending Accept-Encoding to Vary when set but missing 1630 | * add tests for csrf middleware 1631 | * add 'next' support for connect() server handler 1632 | * change utils.uid() to return url-safe chars. Closes #753 1633 | * fix treating '.' as a regexp in vhost() 1634 | * fix duplicate bytes dep in package.json. Closes #743 1635 | * fix #733 - parse x-forwarded-proto in a more generally compatibly way 1636 | * revert "add support for `next(status[, msg])`"; makes composition hard 1637 | 1638 | 2.7.2 / 2013-01-04 1639 | ================== 1640 | 1641 | * add support for `next(status[, msg])` back 1642 | * add utf-8 meta tag to support foreign characters in filenames/directories 1643 | * change `timeout()` 408 to 503 1644 | * replace 'node-crc' with 'buffer-crc32', fixes licensing 1645 | * fix directory.html IE support 1646 | 1647 | 2.7.1 / 2012-12-05 1648 | ================== 1649 | 1650 | * add directory() tests 1651 | * add support for bodyParser to ignore Content-Type if no body is present (jquery primarily does this poorely) 1652 | * fix errorHandler signature 1653 | 1654 | 2.7.0 / 2012-11-13 1655 | ================== 1656 | 1657 | * add support for leading JSON whitespace 1658 | * add logging of `req.ip` when present 1659 | * add basicAuth support for `:`-delimited string 1660 | * update cookie module. Closes #688 1661 | 1662 | 2.6.2 / 2012-11-01 1663 | ================== 1664 | 1665 | * add `debug()` for disconnected session store 1666 | * fix session regeneration bug. Closes #681 1667 | 1668 | 2.6.1 / 2012-10-25 1669 | ================== 1670 | 1671 | * add passing of `connect.timeout()` errors to `next()` 1672 | * replace signature utils with cookie-signature module 1673 | 1674 | 2.6.0 / 2012-10-09 1675 | ================== 1676 | 1677 | * add `defer` option to `multipart()` [Blake Miner] 1678 | * fix mount path case sensitivity. Closes #663 1679 | * fix default of ascii encoding from `logger()`, now utf8. Closes #293 1680 | 1681 | 2.5.0 / 2012-09-27 1682 | ================== 1683 | 1684 | * add `err.status = 400` to multipart() errors 1685 | * add double-encoding protection to `compress()`. Closes #659 1686 | * add graceful handling cookie parsing errors [shtylman] 1687 | * fix typo X-Response-time to X-Response-Time 1688 | 1689 | 2.4.6 / 2012-09-18 1690 | ================== 1691 | 1692 | * update qs 1693 | 1694 | 2.4.5 / 2012-09-03 1695 | ================== 1696 | 1697 | * add session store "connect" / "disconnect" support [louischatriot] 1698 | * fix `:url` log token 1699 | 1700 | 2.4.4 / 2012-08-21 1701 | ================== 1702 | 1703 | * fix `static()` pause regression from "send" integration 1704 | 1705 | 2.4.3 / 2012-08-07 1706 | ================== 1707 | 1708 | * fix `.write()` encoding for zlib inconstancy. Closes #561 1709 | 1710 | 2.4.2 / 2012-07-25 1711 | ================== 1712 | 1713 | * remove limit default from `urlencoded()` 1714 | * remove limit default from `json()` 1715 | * remove limit default from `multipart()` 1716 | * fix `cookieSession()` clear cookie path / domain bug. Closes #636 1717 | 1718 | 2.4.1 / 2012-07-24 1719 | ================== 1720 | 1721 | * fix `options` mutation in `static()` 1722 | 1723 | 2.4.0 / 2012-07-23 1724 | ================== 1725 | 1726 | * add `connect.timeout()` 1727 | * add __GET__ / __HEAD__ check to `directory()`. Closes #634 1728 | * add "pause" util dep 1729 | * update send dep for normalization bug 1730 | 1731 | 2.3.9 / 2012-07-16 1732 | ================== 1733 | 1734 | * add more descriptive invalid json error message 1735 | * update send dep for root normalization regression 1736 | * fix staticCache fresh dep 1737 | 1738 | 2.3.8 / 2012-07-12 1739 | ================== 1740 | 1741 | * fix `connect.static()` 404 regression, pass `next()`. Closes #629 1742 | 1743 | 2.3.7 / 2012-07-05 1744 | ================== 1745 | 1746 | * add `json()` utf-8 illustration test. Closes #621 1747 | * add "send" dependency 1748 | * change `connect.static()` internals to use "send" 1749 | * fix `session()` req.session generation with pathname mismatch 1750 | * fix `cookieSession()` req.session generation with pathname mismatch 1751 | * fix mime export. Closes #618 1752 | 1753 | 2.3.6 / 2012-07-03 1754 | ================== 1755 | 1756 | * Fixed cookieSession() with cookieParser() secret regression. Closes #602 1757 | * Fixed set-cookie header fields on cookie.path mismatch. Closes #615 1758 | 1759 | 2.3.5 / 2012-06-28 1760 | ================== 1761 | 1762 | * Remove `logger()` mount check 1763 | * Fixed `staticCache()` dont cache responses with set-cookie. Closes #607 1764 | * Fixed `staticCache()` when Cookie is present 1765 | 1766 | 2.3.4 / 2012-06-22 1767 | ================== 1768 | 1769 | * Added `err.buf` to urlencoded() and json() 1770 | * Update cookie to 0.0.4. Closes #604 1771 | * Fixed: only send 304 if original response in 2xx or 304 [timkuijsten] 1772 | 1773 | 2.3.3 / 2012-06-11 1774 | ================== 1775 | 1776 | * Added ETags back to `static()` [timkuijsten] 1777 | * Replaced `utils.parseRange()` with `range-parser` module 1778 | * Replaced `utils.parseBytes()` with `bytes` module 1779 | * Replaced `utils.modified()` with `fresh` module 1780 | * Fixed `cookieSession()` regression with invalid cookie signing [shtylman] 1781 | 1782 | 2.3.2 / 2012-06-08 1783 | ================== 1784 | 1785 | * expose mime module 1786 | * Update crc dep (which bundled nodeunit) 1787 | 1788 | 2.3.1 / 2012-06-06 1789 | ================== 1790 | 1791 | * Added `secret` option to `cookieSession` middleware [shtylman] 1792 | * Added `secret` option to `session` middleware [shtylman] 1793 | * Added `req.remoteUser` back to `basicAuth()` as alias of `req.user` 1794 | * Performance: improve signed cookie parsing 1795 | * Update `cookie` dependency [shtylman] 1796 | 1797 | 2.3.0 / 2012-05-20 1798 | ================== 1799 | 1800 | * Added limit option to `json()` 1801 | * Added limit option to `urlencoded()` 1802 | * Added limit option to `multipart()` 1803 | * Fixed: remove socket error event listener on callback 1804 | * Fixed __ENOTDIR__ error on `static` middleware 1805 | 1806 | 2.2.2 / 2012-05-07 1807 | ================== 1808 | 1809 | * Added support to csrf middle for pre-flight CORS requests 1810 | * Updated `engines` to allow newer version of node 1811 | * Removed duplicate repo prop. Closes #560 1812 | 1813 | 2.2.1 / 2012-04-28 1814 | ================== 1815 | 1816 | * Fixed `static()` redirect when mounted. Closes #554 1817 | 1818 | 2.2.0 / 2012-04-25 1819 | ================== 1820 | 1821 | * Added `make benchmark` 1822 | * Perf: memoize url parsing (~20% increase) 1823 | * Fixed `connect(fn, fn2, ...)`. Closes #549 1824 | 1825 | 2.1.3 / 2012-04-20 1826 | ================== 1827 | 1828 | * Added optional json() `reviver` function to be passed to JSON.parse [jed] 1829 | * Fixed: emit drain in compress middleware [nsabovic] 1830 | 1831 | 2.1.2 / 2012-04-11 1832 | ================== 1833 | 1834 | * Fixed cookieParser() `req.cookies` regression 1835 | 1836 | 2.1.1 / 2012-04-11 1837 | ================== 1838 | 1839 | * Fixed `session()` browser-session length cookies & examples 1840 | * Fixed: make `query()` "self-aware" [jed] 1841 | 1842 | 2.1.0 / 2012-04-05 1843 | ================== 1844 | 1845 | * Added `debug()` calls to `.use()` (`DEBUG=connect:displatcher`) 1846 | * Added `urlencoded()` support for GET 1847 | * Added `json()` support for GET. Closes #497 1848 | * Added `strict` option to `json()` 1849 | * Changed: `session()` only set-cookie when modified 1850 | * Removed `Session#lastAccess` property. Closes #399 1851 | 1852 | 2.0.3 / 2012-03-20 1853 | ================== 1854 | 1855 | * Added: `cookieSession()` only sets cookie on change. Closes #442 1856 | * Added `connect:dispatcher` debug() probes 1857 | 1858 | 2.0.2 / 2012-03-04 1859 | ================== 1860 | 1861 | * Added test for __ENAMETOOLONG__ now that node is fixed 1862 | * Fixed static() index "/" check on windows. Closes #498 1863 | * Fixed Content-Range behaviour to match RFC2616 [matthiasdg / visionmedia] 1864 | 1865 | 2.0.1 / 2012-02-29 1866 | ================== 1867 | 1868 | * Added test coverage for `vhost()` middleware 1869 | * Changed `cookieParser()` signed cookie support to use SHA-2 [senotrusov] 1870 | * Fixed `static()` Range: respond with 416 when unsatisfiable 1871 | * Fixed `vhost()` middleware. Closes #494 1872 | 1873 | 2.0.0 / 2011-10-05 1874 | ================== 1875 | 1876 | * Added `cookieSession()` middleware for cookie-only sessions 1877 | * Added `compress()` middleware for gzip / deflate support 1878 | * Added `session()` "proxy" setting to trust `X-Forwarded-Proto` 1879 | * Added `json()` middleware to parse "application/json" 1880 | * Added `urlencoded()` middleware to parse "application/x-www-form-urlencoded" 1881 | * Added `multipart()` middleware to parse "multipart/form-data" 1882 | * Added `cookieParser(secret)` support so anything using this middleware may access signed cookies 1883 | * Added signed cookie support to `cookieParser()` 1884 | * Added support for JSON-serialized cookies to `cookieParser()` 1885 | * Added `err.status` support in Connect's default end-point 1886 | * Added X-Cache MISS / HIT to `staticCache()` 1887 | * Added public `res.headerSent` checking nodes `res._headerSent` until node does 1888 | * Changed `basicAuth()` req.remoteUser to req.user 1889 | * Changed: default `session()` to a browser-session cookie. Closes #475 1890 | * Changed: no longer lowercase cookie names 1891 | * Changed `bodyParser()` to use `json()`, `urlencoded()`, and `multipart()` 1892 | * Changed: `errorHandler()` is now a development-only middleware 1893 | * Changed middleware to `next()` errors when possible so applications can unify logging / handling 1894 | * Removed `http[s].Server` inheritance, now just a function, making it easy to have an app providing both http and https 1895 | * Removed `.createServer()` (use `connect()`) 1896 | * Removed `secret` option from `session()`, use `cookieParser(secret)` 1897 | * Removed `connect.session.ignore` array support 1898 | * Removed `router()` middleware. Closes #262 1899 | * Fixed: set-cookie only once for browser-session cookies 1900 | * Fixed FQDN support. dont add leading "/" 1901 | * Fixed 404 XSS attack vector. Closes #473 1902 | * Fixed __HEAD__ support for 404s and 500s generated by Connect's end-point 1903 | 1904 | 1.8.5 / 2011-12-22 1905 | ================== 1906 | 1907 | * Fixed: actually allow empty body for json 1908 | 1909 | 1.8.4 / 2011-12-22 1910 | ================== 1911 | 1912 | * Changed: allow empty body for json/urlencoded requests. Backport for #443 1913 | 1914 | 1.8.3 / 2011-12-16 1915 | ================== 1916 | 1917 | * Fixed `static()` _index.html_ support on windows 1918 | 1919 | 1.8.2 / 2011-12-03 1920 | ================== 1921 | 1922 | * Fixed potential security issue, store files in req.files. Closes #431 [reported by dobesv] 1923 | 1924 | 1.8.1 / 2011-11-21 1925 | ================== 1926 | 1927 | * Added nesting support for _multipart/form-data_ [jackyz] 1928 | 1929 | 1.8.0 / 2011-11-17 1930 | ================== 1931 | 1932 | * Added _multipart/form-data_ support to `bodyParser()` using formidable 1933 | 1934 | 1.7.3 / 2011-11-11 1935 | ================== 1936 | 1937 | * Fixed `req.body`, always default to {} 1938 | * Fixed HEAD support for 404s and 500s 1939 | 1940 | 1.7.2 / 2011-10-24 1941 | ================== 1942 | 1943 | * "node": ">= 0.4.1 < 0.7.0" 1944 | * Added `static()` redirect option. Closes #398 1945 | * Changed `limit()`: respond with 413 when content-length exceeds the limit 1946 | * Removed socket error listener in static(). Closes #389 1947 | * Fixed `staticCache()` Age header field 1948 | * Fixed race condition causing errors reported in #329. 1949 | 1950 | 1.7.1 / 2011-09-12 1951 | ================== 1952 | 1953 | * Added: make `Store` inherit from `EventEmitter` 1954 | * Added session `Store#load(sess, fn)` to fetch a `Session` instance 1955 | * Added backpressure support to `staticCache()` 1956 | * Changed `res.socket.destroy()` to `req.socket.destroy()` 1957 | 1958 | 1.7.0 / 2011-08-31 1959 | ================== 1960 | 1961 | * Added `staticCache()` middleware, a memory cache for `static()` 1962 | * Added public `res.headerSent` checking nodes `res._headerSent` (remove when node adds this) 1963 | * Changed: ignore error handling middleware when header is sent 1964 | * Changed: dispatcher errors after header is sent destroy the sock 1965 | 1966 | 1.6.4 / 2011-08-26 1967 | ================== 1968 | 1969 | * Revert "Added double-next reporting" 1970 | 1971 | 1.6.3 / 2011-08-26 1972 | ================== 1973 | 1974 | * Added double-`next()` reporting 1975 | * Added `immediate` option to `logger()`. Closes #321 1976 | * Dependency `qs >= 0.3.1` 1977 | 1978 | 1.6.2 / 2011-08-11 1979 | ================== 1980 | 1981 | * Fixed `connect.static()` null byte vulnerability 1982 | * Fixed `connect.directory()` null byte vulnerability 1983 | * Changed: 301 redirect in `static()` to postfix "/" on directory. Closes #289 1984 | 1985 | 1.6.1 / 2011-08-03 1986 | ================== 1987 | 1988 | * Added: allow retval `== null` from logger callback to ignore line 1989 | * Added `getOnly` option to `connect.static.send()` 1990 | * Added response "header" event allowing augmentation 1991 | * Added `X-CSRF-Token` header field check 1992 | * Changed dep `qs >= 0.3.0` 1993 | * Changed: persist csrf token. Closes #322 1994 | * Changed: sort directory middleware files alphabetically 1995 | 1996 | 1.6.0 / 2011-07-10 1997 | ================== 1998 | 1999 | * Added :response-time to "dev" logger format 2000 | * Added simple `csrf()` middleware. Closes #315 2001 | * Fixed `res._headers` logger regression. Closes #318 2002 | * Removed support for multiple middleware being passed to `.use()` 2003 | 2004 | 1.5.2 / 2011-07-06 2005 | ================== 2006 | 2007 | * Added `filter` function option to `directory()` [David Rio Deiros] 2008 | * Changed: re-write of the `logger()` middleware, with extensible tokens and formats 2009 | * Changed: `static.send()` ".." in path without root considered malicious 2010 | * Fixed quotes in docs. Closes #312 2011 | * Fixed urls when mounting `directory()`, use `originalUrl` [Daniel Dickison] 2012 | 2013 | 2014 | 1.5.1 / 2011-06-20 2015 | ================== 2016 | 2017 | * Added malicious path check to `directory()` middleware 2018 | * Added `utils.forbidden(res)` 2019 | * Added `connect.query()` middleware 2020 | 2021 | 1.5.0 / 2011-06-20 2022 | ================== 2023 | 2024 | * Added `connect.directory()` middleware for serving directory listings 2025 | 2026 | 1.4.6 / 2011-06-18 2027 | ================== 2028 | 2029 | * Fixed `connect.static()` root with `..` 2030 | * Fixed `connect.static()` __EBADF__ 2031 | 2032 | 1.4.5 / 2011-06-17 2033 | ================== 2034 | 2035 | * Fixed EBADF in `connect.static()`. Closes #297 2036 | 2037 | 1.4.4 / 2011-06-16 2038 | ================== 2039 | 2040 | * Changed `connect.static()` to check resolved dirname. Closes #294 2041 | 2042 | 1.4.3 / 2011-06-06 2043 | ================== 2044 | 2045 | * Fixed fd leak in `connect.static()` when the socket is closed 2046 | * Fixed; `bodyParser()` ignoring __GET/HEAD__. Closes #285 2047 | 2048 | 1.4.2 / 2011-05-27 2049 | ================== 2050 | 2051 | * Changed to `devDependencies` 2052 | * Fixed stream creation on `static()` __HEAD__ request. [Andreas Lind Petersen] 2053 | * Fixed Win32 support for `static()` 2054 | * Fixed monkey-patch issue. Closes #261 2055 | 2056 | 1.4.1 / 2011-05-08 2057 | ================== 2058 | 2059 | * Added "hidden" option to `static()`. ignores hidden files by default. Closes * Added; expose `connect.static.mime.define()`. Closes #251 2060 | * Fixed `errorHandler` middleware for missing stack traces. [aseemk] 2061 | #274 2062 | 2063 | 1.4.0 / 2011-04-25 2064 | ================== 2065 | 2066 | * Added route-middleware `next('route')` support to jump passed the route itself 2067 | * Added Content-Length support to `limit()` 2068 | * Added route-specific middleware support (used to be in express) 2069 | * Changed; refactored duplicate session logic 2070 | * Changed; prevent redefining `store.generate` per request 2071 | * Fixed; `static()` does not set Content-Type when explicitly set [nateps] 2072 | * Fixed escape `errorHandler()` {error} contents 2073 | * NOTE: `router` will be removed in 2.0 2074 | 2075 | 2076 | 1.3.0 / 2011-04-06 2077 | ================== 2078 | 2079 | * Added `router.remove(path[, method])` to remove a route 2080 | 2081 | 1.2.3 / 2011-04-05 2082 | ================== 2083 | 2084 | * Fixed basicAuth realm issue when passing strings. Closes #253 2085 | 2086 | 1.2.2 / 2011-04-05 2087 | ================== 2088 | 2089 | * Added `basicAuth(username, password)` support 2090 | * Added `errorHandler.title` defaulting to "Connect" 2091 | * Changed `errorHandler` css 2092 | 2093 | 1.2.1 / 2011-03-30 2094 | ================== 2095 | 2096 | * Fixed `logger()` https `remoteAddress` logging [Alexander Simmerl] 2097 | 2098 | 1.2.0 / 2011-03-30 2099 | ================== 2100 | 2101 | * Added `router.lookup(path[, method])` 2102 | * Added `router.match(url[, method])` 2103 | * Added basicAuth async support. Closes #223 2104 | 2105 | 1.1.5 / 2011-03-27 2106 | ================== 2107 | 2108 | * Added; allow `logger()` callback function to return an empty string to ignore logging 2109 | * Fixed; utilizing `mime.charsets.lookup()` for `static()`. Closes 245 2110 | 2111 | 1.1.4 / 2011-03-23 2112 | ================== 2113 | 2114 | * Added `logger()` support for format function 2115 | * Fixed `logger()` to support mess of writeHead()/progressive api for node 0.4.x 2116 | 2117 | 1.1.3 / 2011-03-21 2118 | ================== 2119 | 2120 | * Changed; `limit()` now calls `req.destroy()` 2121 | 2122 | 1.1.2 / 2011-03-21 2123 | ================== 2124 | 2125 | * Added request "limit" event to `limit()` middleware 2126 | * Changed; `limit()` middleware will `next(err)` on failure 2127 | 2128 | 1.1.1 / 2011-03-18 2129 | ================== 2130 | 2131 | * Fixed session middleware for HTTPS. Closes #241 [reported by mt502] 2132 | 2133 | 1.1.0 / 2011-03-17 2134 | ================== 2135 | 2136 | * Added `Session#reload(fn)` 2137 | 2138 | 1.0.6 / 2011-03-09 2139 | ================== 2140 | 2141 | * Fixed `res.setHeader()` patch, preserve casing 2142 | 2143 | 1.0.5 / 2011-03-09 2144 | ================== 2145 | 2146 | * Fixed; `logger()` using `req.originalUrl` instead of `req.url` 2147 | 2148 | 1.0.4 / 2011-03-09 2149 | ================== 2150 | 2151 | * Added `res.charset` 2152 | * Added conditional sessions example 2153 | * Added support for `session.ignore` to be replaced. Closes #227 2154 | * Fixed `Cache-Control` delimiters. Closes #228 2155 | 2156 | 1.0.3 / 2011-03-03 2157 | ================== 2158 | 2159 | * Fixed; `static.send()` invokes callback with connection error 2160 | 2161 | 1.0.2 / 2011-03-02 2162 | ================== 2163 | 2164 | * Fixed exported connect function 2165 | * Fixed package.json; node ">= 0.4.1 < 0.5.0" 2166 | 2167 | 1.0.1 / 2011-03-02 2168 | ================== 2169 | 2170 | * Added `Session#save(fn)`. Closes #213 2171 | * Added callback support to `connect.static.send()` for express 2172 | * Added `connect.static.send()` "path" option 2173 | * Fixed content-type in `static()` for _index.html_ 2174 | 2175 | 1.0.0 / 2011-03-01 2176 | ================== 2177 | 2178 | * Added `stack`, `message`, and `dump` errorHandler option aliases 2179 | * Added `req.originalMethod` to methodOverride 2180 | * Added `favicon()` maxAge option support 2181 | * Added `connect()` alternative to `connect.createServer()` 2182 | * Added new [documentation](http://senchalabs.github.com/connect) 2183 | * Added Range support to `static()` 2184 | * Added HTTPS support 2185 | * Rewrote session middleware. The session API now allows for 2186 | session-specific cookies, so you may alter each individually. 2187 | Click to view the new [session api](http://senchalabs.github.com/connect/middleware-session.html). 2188 | * Added middleware self-awareness. This helps prevent 2189 | middleware breakage when used within mounted servers. 2190 | For example `cookieParser()` will not parse cookies more 2191 | than once even when within a mounted server. 2192 | * Added new examples in the `./examples` directory 2193 | * Added [limit()](http://senchalabs.github.com/connect/middleware-limit.html) middleware 2194 | * Added [profiler()](http://senchalabs.github.com/connect/middleware-profiler.html) middleware 2195 | * Added [responseTime()](http://senchalabs.github.com/connect/middleware-responseTime.html) middleware 2196 | * Renamed `staticProvider` to `static` 2197 | * Renamed `bodyDecoder` to `bodyParser` 2198 | * Renamed `cookieDecoder` to `cookieParser` 2199 | * Fixed ETag quotes. [reported by papandreou] 2200 | * Fixed If-None-Match comma-delimited ETag support. [reported by papandreou] 2201 | * Fixed; only set req.originalUrl once. Closes #124 2202 | * Fixed symlink support for `static()`. Closes #123 2203 | 2204 | 0.5.10 / 2011-02-14 2205 | ================== 2206 | 2207 | * Fixed SID space issue. Closes #196 2208 | * Fixed; proxy `res.end()` to commit session data 2209 | * Fixed directory traversal attack in `staticProvider`. Closes #198 2210 | 2211 | 0.5.9 / 2011-02-09 2212 | ================== 2213 | 2214 | * qs >= 0.0.4 2215 | 2216 | 0.5.8 / 2011-02-04 2217 | ================== 2218 | 2219 | * Added `qs` dependency 2220 | * Fixed router race-condition causing possible failure 2221 | when `next()`ing to one or more routes with parallel 2222 | requests 2223 | 2224 | 0.5.7 / 2011-02-01 2225 | ================== 2226 | 2227 | * Added `onvhost()` call so Express (and others) can know when they are 2228 | * Revert "Added stylus support" (use the middleware which ships with stylus) 2229 | * Removed custom `Server#listen()` to allow regular `http.Server#listen()` args to work properly 2230 | * Fixed long standing router issue (#83) that causes '.' to be disallowed within named placeholders in routes [Andreas Lind Petersen] 2231 | * Fixed `utils.uid()` length error [Jxck] 2232 | mounted 2233 | 2234 | 0.5.6 / 2011-01-23 2235 | ================== 2236 | 2237 | * Added stylus support to `compiler` 2238 | * _favicon.js_ cleanup 2239 | * _compiler.js_ cleanup 2240 | * _bodyDecoder.js_ cleanup 2241 | 2242 | 0.5.5 / 2011-01-13 2243 | ================== 2244 | 2245 | * Changed; using sha256 HMAC instead of md5. [Paul Querna] 2246 | * Changed; generated a longer random UID, without time influence. [Paul Querna] 2247 | * Fixed; session middleware throws when secret is not present. [Paul Querna] 2248 | 2249 | 0.5.4 / 2011-01-07 2250 | ================== 2251 | 2252 | * Added; throw when router path or callback is missing 2253 | * Fixed; `next(err)` on cookie parse exception instead of ignoring 2254 | * Revert "Added utils.pathname(), memoized url.parse(str).pathname" 2255 | 2256 | 0.5.3 / 2011-01-05 2257 | ================== 2258 | 2259 | * Added _docs/api.html_ 2260 | * Added `utils.pathname()`, memoized url.parse(str).pathname 2261 | * Fixed `session.id` issue. Closes #183 2262 | * Changed; Defaulting `staticProvider` maxAge to 0 not 1 year. Closes #179 2263 | * Removed bad outdated docs, we need something new / automated eventually 2264 | 2265 | 0.5.2 / 2010-12-28 2266 | ================== 2267 | 2268 | * Added default __OPTIONS__ support to _router_ middleware 2269 | 2270 | 0.5.1 / 2010-12-28 2271 | ================== 2272 | 2273 | * Added `req.session.id` mirroring `req.sessionID` 2274 | * Refactored router, exposing `connect.router.methods` 2275 | * Exclude non-lib files from npm 2276 | * Removed imposed headers `X-Powered-By`, `Server`, etc 2277 | 2278 | 0.5.0 / 2010-12-06 2279 | ================== 2280 | 2281 | * Added _./index.js_ 2282 | * Added route segment precondition support and example 2283 | * Added named capture group support to router 2284 | 2285 | 0.4.0 / 2010-11-29 2286 | ================== 2287 | 2288 | * Added `basicAuth` middleware 2289 | * Added more HTTP methods to the `router` middleware 2290 | 2291 | 0.3.0 / 2010-07-21 2292 | ================== 2293 | 2294 | * Added _staticGzip_ middleware 2295 | * Added `connect.utils` to expose utils 2296 | * Added `connect.session.Session` 2297 | * Added `connect.session.Store` 2298 | * Added `connect.session.MemoryStore` 2299 | * Added `connect.middleware` to expose the middleware getters 2300 | * Added `buffer` option to _logger_ for performance increase 2301 | * Added _favicon_ middleware for serving your own favicon or the connect default 2302 | * Added option support to _staticProvider_, can now pass _root_ and _lifetime_. 2303 | * Added; mounted `Server` instances now have the `route` property exposed for reflection 2304 | * Added support for callback as first arg to `Server#use()` 2305 | * Added support for `next(true)` in _router_ to bypass match attempts 2306 | * Added `Server#listen()` _host_ support 2307 | * Added `Server#route` when `Server#use()` is called with a route on a `Server` instance 2308 | * Added _methodOverride_ X-HTTP-Method-Override support 2309 | * Refactored session internals, adds _secret_ option 2310 | * Renamed `lifetime` option to `maxAge` in _staticProvider_ 2311 | * Removed connect(1), it is now [spark(1)](http://github.com/senchalabs/spark) 2312 | * Removed connect(1) dependency on examples, they can all now run with node(1) 2313 | * Remove a typo that was leaking a global. 2314 | * Removed `Object.prototype` forEach() and map() methods 2315 | * Removed a few utils not used 2316 | * Removed `connect.createApp()` 2317 | * Removed `res.simpleBody()` 2318 | * Removed _format_ middleware 2319 | * Removed _flash_ middleware 2320 | * Removed _redirect_ middleware 2321 | * Removed _jsonrpc_ middleware, use [visionmedia/connect-jsonrpc](http://github.com/visionmedia/connect-jsonrpc) 2322 | * Removed _pubsub_ middleware 2323 | * Removed need for `params.{captures,splat}` in _router_ middleware, `params` is an array 2324 | * Changed; _compiler_ no longer 404s 2325 | * Changed; _router_ signature now matches connect middleware signature 2326 | * Fixed a require in _session_ for default `MemoryStore` 2327 | * Fixed nasty request body bug in _router_. Closes #54 2328 | * Fixed _less_ support in _compiler_ 2329 | * Fixed bug preventing proper bubbling of exceptions in mounted servers 2330 | * Fixed bug in `Server#use()` preventing `Server` instances as the first arg 2331 | * Fixed **ENOENT** special case, is now treated as any other exception 2332 | * Fixed spark env support 2333 | 2334 | 0.2.1 / 2010-07-09 2335 | ================== 2336 | 2337 | * Added support for _router_ `next()` to continue calling matched routes 2338 | * Added mime type for _cache.manifest_ files. 2339 | * Changed _compiler_ middleware to use async require 2340 | * Changed session api, stores now only require `#get()`, and `#set()` 2341 | * Fixed _cacheManifest_ by adding `utils.find()` back 2342 | 2343 | 0.2.0 / 2010-07-01 2344 | ================== 2345 | 2346 | * Added calls to `Session()` casts the given object as a `Session` instance 2347 | * Added passing of `next()` to _router_ callbacks. Closes #46 2348 | * Changed; `MemoryStore#destroy()` removes `req.session` 2349 | * Changed `res.redirect("back")` to default to "/" when Referr?er is not present 2350 | * Fixed _staticProvider_ urlencoded paths issue. Closes #47 2351 | * Fixed _staticProvider_ middleware responding to **GET** requests 2352 | * Fixed _jsonrpc_ middleware `Accept` header check. Closes #43 2353 | * Fixed _logger_ format option 2354 | * Fixed typo in _compiler_ middleware preventing the _dest_ option from working 2355 | 2356 | 0.1.0 / 2010-06-25 2357 | ================== 2358 | 2359 | * Revamped the api, view the [Connect documentation](http://extjs.github.com/Connect/index.html#Middleware-Authoring) for more info (hover on the right for menu) 2360 | * Added [extended api docs](http://extjs.github.com/Connect/api.html) 2361 | * Added docs for several more middleware layers 2362 | * Added `connect.Server#use()` 2363 | * Added _compiler_ middleware which provides arbitrary static compilation 2364 | * Added `req.originalUrl` 2365 | * Removed _blog_ example 2366 | * Removed _sass_ middleware (use _compiler_) 2367 | * Removed _less_ middleware (use _compiler_) 2368 | * Renamed middleware to be camelcase, _body-decoder_ is now _bodyDecoder_ etc. 2369 | * Fixed `req.url` mutation bug when matching `connect.Server#use()` routes 2370 | * Fixed `mkdir -p` implementation used in _bin/connect_. Closes #39 2371 | * Fixed bug in _bodyDecoder_ throwing exceptions on request empty bodies 2372 | * `make install` installing lib to $LIB_PREFIX aka $HOME/.node_libraries 2373 | 2374 | 0.0.6 / 2010-06-22 2375 | ================== 2376 | 2377 | * Added _static_ middleware usage example 2378 | * Added support for regular expressions as paths for _router_ 2379 | * Added `util.merge()` 2380 | * Increased performance of _static_ by ~ 200 rps 2381 | * Renamed the _rest_ middleware to _router_ 2382 | * Changed _rest_ api to accept a callback function 2383 | * Removed _router_ middleware 2384 | * Removed _proto.js_, only `Object#forEach()` remains 2385 | 2386 | 0.0.5 / 2010-06-21 2387 | ================== 2388 | 2389 | * Added Server#use() which contains the Layer normalization logic 2390 | * Added documentation for several middleware 2391 | * Added several new examples 2392 | * Added _less_ middleware 2393 | * Added _repl_ middleware 2394 | * Added _vhost_ middleware 2395 | * Added _flash_ middleware 2396 | * Added _cookie_ middleware 2397 | * Added _session_ middleware 2398 | * Added `utils.htmlEscape()` 2399 | * Added `utils.base64Decode()` 2400 | * Added `utils.base64Encode()` 2401 | * Added `utils.uid()` 2402 | * Added bin/connect app path and --config path support for .js suffix, although optional. Closes #26 2403 | * Moved mime code to `utils.mime`, ex `utils.mime.types`, and `utils.mime.type()` 2404 | * Renamed req.redirect() to res.redirect(). Closes #29 2405 | * Fixed _sass_ 404 on **ENOENT** 2406 | * Fixed +new Date duplication. Closes #24 2407 | 2408 | 0.0.4 / 2010-06-16 2409 | ================== 2410 | 2411 | * Added workerPidfile() to bin/connect 2412 | * Added --workers support to bin/connect stop and status commands 2413 | * Added _redirect_ middleware 2414 | * Added better --config support to bin/connect. All flags can be utilized 2415 | * Added auto-detection of _./config.js_ 2416 | * Added config example 2417 | * Added `net.Server` support to bin/connect 2418 | * Writing worker pids relative to `env.pidfile` 2419 | * s/parseQuery/parse/g 2420 | * Fixed npm support 2421 | 2422 | 0.0.3 / 2010-06-16 2423 | ================== 2424 | 2425 | * Fixed node dependency in package.json, now _">= 0.1.98-0"_ to support __HEAD__ 2426 | 2427 | 0.0.2 / 2010-06-15 2428 | ================== 2429 | 2430 | * Added `-V, --version` to bin/connect 2431 | * Added `utils.parseCookie()` 2432 | * Added `utils.serializeCookie()` 2433 | * Added `utils.toBoolean()` 2434 | * Added _sass_ middleware 2435 | * Added _cookie_ middleware 2436 | * Added _format_ middleware 2437 | * Added _lint_ middleware 2438 | * Added _rest_ middleware 2439 | * Added _./package.json_ (npm install connect) 2440 | * Added `handleError()` support 2441 | * Added `process.connectEnv` 2442 | * Added custom log format support to _log_ middleware 2443 | * Added arbitrary env variable support to bin/connect (ext: --logFormat ":method :url") 2444 | * Added -w, --workers to bin/connect 2445 | * Added bin/connect support for --user NAME and --group NAME 2446 | * Fixed url re-writing support 2447 | 2448 | 0.0.1 / 2010-06-03 2449 | ================== 2450 | 2451 | * Initial release 2452 | 2453 | --------------------------------------------------------------------------------