Releases: Munter/express-legacy-csp
Releases · Munter/express-legacy-csp
Update useragent to avoid redos vulnerability
Bump useragent dependency to ^2.2.1 to address https://nodesecurity.io/advisories/312
Update caniuse-db to 1.0.30000655 and switch to a ^ version range
Don't crash when browser version numbers have leading zeroes
Assume that not explicitly mentioned lower versions are unsupported
Features
When a browser is encountered that does not exist in the caniuse dataset, but is a lower version than all other browsers in the dataset, assume that the browser has no CSP capabilities.
- Assume that not explicitly mentioned lower versions are unsupported 44a3049 @papandreou
Extrapolate from latest browser version mentioned in caniuse-db
- When caniuse-db does not have data about a given browser version, assume it has the same capabilities as the highest version that does have data (#7)
Feature completion
Features
- Support multiple comma-separated policies in a single header f8f0905 @papandreou
- Add support for parsing version range specifiers in caniuse-db 3718138 @papandreou
Safari CSP1 downgrade fixes
Fixes
- Temporarily fix downgrading in iOS Safari c0f4a3f @papandreou