David Bohannon issues

Results 4 issues of


                                            David Bohannon

Fails open when path or method options are not set

The documentation states that the path and method are optional; however, when applying the express-limiter middleware globally, both of these options MUST be set. Otherwise, the middleware will not be...

Returns Access-Control-Allow-Credentials Header for All Origins

When corser is applied without the origins option, the ACAO header is set to *. However, if it is applied without the origins option AND the supportsCredentials option is enabled,...

PERMANENT_SESSION_LIFETIME Not Enforced with FileSystemSessionInterface

As I understand the documentation, the user's session should be deleted automatically (server-side) when the SESSION_PERMANENT option is enabled and the session has been idle longer than the PERMANENT_SESSION_LIFETIME value....

Unintentionally Bypassing Middleware with Case-Sensitive Negative Regex

In the snippet below, the basicAuth middleware will be applied to all routes beginning with /secure/. ``` var unless = require('express-unless'); ... app.use(basicAuth.unless({path: /^(?!\/secure\/).*/})); ``` However, Express uses case-insensitive routing...