From 210b78c7818e8e4d631b0147335337e1555ff2d7 Mon Sep 17 00:00:00 2001 From: Evan Hahn Date: Fri, 20 Mar 2020 15:54:40 -0500 Subject: [PATCH] Deprecate helmet.noCache --- CHANGELOG.md | 4 ++++ index.js | 2 +- test/index.js | 35 ++++++++++++++++++++++++++++------- 3 files changed, 33 insertions(+), 8 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 95f0231c..6568a286 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,9 @@ # Changelog +## Unreleased +### Deprecated +- `helmet.noCache` is deprecated. Use the `nocache` module instead. See [#215](https://github.com/helmetjs/helmet/issues/215) + ## 3.21.3 - 2020-02-24 ### Changed - Updated `helmet-csp` to v2.9.5 diff --git a/index.js b/index.js index fc03968b..a0d6f7d0 100644 --- a/index.js +++ b/index.js @@ -63,13 +63,13 @@ helmet.frameguard = require('frameguard') helmet.hidePoweredBy = require('hide-powered-by') helmet.hsts = require('hsts') helmet.ieNoOpen = require('ienoopen') -helmet.noCache = require('nocache') helmet.noSniff = require('dont-sniff-mimetype') helmet.permittedCrossDomainPolicies = require('helmet-crossdomain') helmet.referrerPolicy = require('referrer-policy') helmet.xssFilter = require('x-xss-protection') helmet.hpkp = deprecate.function(require('hpkp'), 'helmet.hpkp is deprecated and will be removed in helmet@4. You can use the `hpkp` module instead. For more, see https://github.com/helmetjs/helmet/issues/180.') +helmet.noCache = deprecate.function(require('nocache'), 'helmet.noCache is deprecated and will be removed in helmet@4. You can use the `nocache` module instead. For more, see https://github.com/helmetjs/helmet/issues/215.') middlewares = Object.keys(helmet) diff --git a/test/index.js b/test/index.js index cf622fb3..1ff9eae4 100644 --- a/test/index.js +++ b/test/index.js @@ -54,7 +54,7 @@ describe('helmet', function () { // This test will be removed in helmet@4. it('calls through to hpkp but emits a deprecation warning', function () { const deprecationPromise = new Promise(resolve => { - process.on('deprecation', (deprecationError) => { + process.once('deprecation', (deprecationError) => { assert(deprecationError.message.indexOf('You can use the `hpkp` module instead.') !== -1) resolve() }) @@ -83,9 +83,29 @@ describe('helmet', function () { assert.strictEqual(helmet.ieNoOpen, pkg) }) - it('aliases "nocache"', function () { - const pkg = require('nocache') - assert.strictEqual(helmet.noCache, pkg) + // This test will be removed in helmet@4. + it('calls through to nocache but emits a deprecation warning', function () { + const deprecationPromise = new Promise(resolve => { + process.once('deprecation', (deprecationError) => { + assert(deprecationError.message.indexOf('You can use the `nocache` module instead.') !== -1) + resolve() + }) + }) + + const app = connect() + app.use(helmet.noCache()) + app.use((req, res) => { + res.end('Hello world!') + }) + const supertestPromise = request(app).get('/') + .expect(200) + .expect('Surrogate-Control', 'no-store') + .expect('Cache-Control', 'no-store, no-cache, must-revalidate, proxy-revalidate') + .expect('Pragma', 'no-cache') + .expect('Expires', '0') + .expect('Hello world!') + + return Promise.all([deprecationPromise, supertestPromise]) }) it('aliases "referrer-policy"', function () { @@ -158,10 +178,10 @@ describe('helmet', function () { }) it('lets you enable a normally-disabled middleware', function () { - helmet({ noCache: true }) + helmet({ referrerPolicy: true }) - sinon.assert.calledOnce(helmet.noCache) - sinon.assert.calledWith(helmet.noCache, {}) + sinon.assert.calledOnce(helmet.referrerPolicy) + sinon.assert.calledWith(helmet.referrerPolicy, {}) sinon.assert.calledOnce(helmet.dnsPrefetchControl) sinon.assert.calledOnce(helmet.frameguard) @@ -180,6 +200,7 @@ describe('helmet', function () { sinon.assert.notCalled(helmet.contentSecurityPolicy) sinon.assert.notCalled(helmet.expectCt) sinon.assert.notCalled(helmet.hpkp) + sinon.assert.notCalled(helmet.noCache) }) it('lets you set options for a default middleware', function () {