From 32645ab6d372e23e7e6457076ba379ccf40fe044 Mon Sep 17 00:00:00 2001 From: Andres Morey Date: Thu, 27 Apr 2023 15:48:08 +0300 Subject: [PATCH] added excludePathPrefixes option and bumped version number to 1.0.3 --- README.md | 2 +- package.json | 2 +- src/config.ts | 2 +- src/index.ts | 4 ++-- test/index.test.ts | 6 +++--- 5 files changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index 02a4121..8527900 100644 --- a/README.md +++ b/README.md @@ -129,8 +129,8 @@ Here are the default configuration values: httpOnly: true, sameSite: 'strict' }, + excludePathPrefixes: ['/_next/'], ignoreMethods: ['GET', 'HEAD', 'OPTIONS'], - ignorePathPrefixes: ['/_next/'], saltByteLength: 8, secretByteLength: 18, token: { diff --git a/package.json b/package.json index c7b88b0..b05c903 100644 --- a/package.json +++ b/package.json @@ -1,7 +1,7 @@ { "name": "edge-csrf", "description": "CSRF protection for Next.js middleware", - "version": "1.0.2", + "version": "1.0.3", "author": "Andres Morey", "license": "MIT", "repository": "amorey/edge-csrf", diff --git a/src/config.ts b/src/config.ts index cd264ad..5457ebe 100644 --- a/src/config.ts +++ b/src/config.ts @@ -27,8 +27,8 @@ export class TokenOptions { export class Config { cookie: CookieOptions = new CookieOptions() + excludePathPrefixes: string[] = ['/_next/'] ignoreMethods: string[] = ['GET', 'HEAD', 'OPTIONS'] - ignorePathPrefixes: string[] = ['/_next/'] saltByteLength: number = 8 secretByteLength: number = 18 token: TokenOptions = new TokenOptions() diff --git a/src/index.ts b/src/index.ts index 95fb2d1..6a63802 100644 --- a/src/index.ts +++ b/src/index.ts @@ -22,8 +22,8 @@ export default function CreateMiddleware(opts?: Partial): CSRFMid let secret: Uint8Array; let secretStr: string | undefined; - // check ignorePathPrefixes - for (const pathPrefix of config.ignorePathPrefixes) { + // check excludePathPrefixes + for (const pathPrefix of config.excludePathPrefixes) { if (request.nextUrl.pathname.startsWith(pathPrefix)) return null; } diff --git a/test/index.test.ts b/test/index.test.ts index 55deb6f..f0cc8f8 100644 --- a/test/index.test.ts +++ b/test/index.test.ts @@ -351,9 +351,9 @@ describe('config option tests', () => { }) }) - describe('ignorePathPrefixes', () => { - it('should respect configured ignorePathPrefixes', async () => { - const csrfProtect = csrf({ignorePathPrefixes: ['/ignore-me/sub-path/']}) + describe('excludePathPrefixes', () => { + it('should respect configured excludePathPrefixes', async () => { + const csrfProtect = csrf({excludePathPrefixes: ['/ignore-me/sub-path/']}) const request = new NextRequest('http://example.com/ignore-me/sub-path/file.jpg') const response = NextResponse.next()