express
Fast, unopinionated, minimalist web framework for node.
- Replace `var` loop with `for...of` for clarity and readability - Use `const` instead of `var` to prevent accidental reassignment - Introduce explicit `found` variable to avoid shadowing Node's `path`...
https://github.com/expressjs/express/blob/54af593b739ea44674e4a445efa15b8024f093da/lib/request.js#L17 Reduce redundancy by replacing lines like this with a destructuring assignment, and consolidate the multiple references to `exports` into just one or two, assigning all the exported values in...
Add test to verify that utils.normalizeType correctly defaults to 'application/octet-stream' when mime.lookup() returns null/undefined for unknown file extensions. This covers the fallback behavior on line 64 of lib/utils.js and ensures...
Verify that req.host ignores comma-separated X-Forwarded-Host values when trust proxy is disabled, ensuring security by using Host header instead of potentially malicious forwarded headers
Add test to verify that req.host correctly handles comma-separated values in X-Forwarded-Host header by using only the first value. This ensures the behavior matches req.hostname and properly handles edge cases...
Include the response Access-Control-Allow-Origin header as an extra argument to the app's compiled etag function so ETags vary by CORS origin. This prevents CDN/304 + missing CORS headers from causing...
This pull request fixes an edge case in res.cookie() where specifying maxAge: null caused the function to produce incorrect cookie headers or throw an internal error when updated to 1.0.2...
- As suggested here: https://github.com/expressjs/express/discussions/5783#discussioncomment-14224233 - See also #6647, #5723, #6374, #3230, #3272, https://github.com/expressjs/express/pulls?q=is%3Apr+qs+is%3Aclosed - This doesn't remove `qs` from `body-parser` --- Developer's Certificate of Origin 1.1 By making a...
Since superagent 9.0.2, the library uses `new URL()` instead of the deprecated `url.parse()` for URL handling. The `URL` class automatically normalizes paths containing `/../` sequences, which prevented tests from verifying...
## Description This PR fixes issue #6756 where passing a BigInt value to `res.status()` or `res.sendStatus()` causes an uncaught `TypeError` that crashes the server. ## Problem The current implementation uses...