New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set state by default? #13
Comments
The |
@bitinn I just pushed the auto generated state here e7d25e4 If you set the state through the json configuration or through dynamic override, that state probably would be either string or number type. In these cases that will be the state used, any other falsy value means no state. However if you set the |
@simov just a note to make sure you are aware of I am not sure what's the best approach here, but given how fast koa and its core middlewares evolves, a strict version dependency on them is probably not what you want. I believe we can't use This is generally a problem when mounting a full koa app into existing koa app, unfortunately. |
@bitinn is there a real problem with that? Take a look at this example https://github.com/simov/grant/blob/master/example/koa/package.json currently the consumer app is using 0.14 and grant-koa is using 0.18.1 same for the body-parser middleware - the versions are different. Still the app seems to be working, but that's a really simple example, that's why I'm asking about any potential problems with that. |
@simov probably not, other than unmet dependency warning during say you have a koa app using latest koa and bodyparser:
|
Interestingly enough I'm not getting that warning with node 0.12.2 and the above example. Other than that the solution would be to use
or I can just leave the version number a bit more relaxed. I'm really not sure how Koa implements the mounting, but with Express I can have express 3.x app that mounts grant with express 4.x app and middlewares in it without a problem. |
But my app set koa dependency as You can imagine some developers doing this before they ship to production server, or when they specifically try to avoid a buggy version. To me there really isn't much one can do except: update dependency, or relax dependency. On my end the best alternative would be to check-in |
Ok, I'll figure out something, but still I'm not sure how you get that warning. Can you experiment with this example https://github.com/simov/grant/tree/master/example/koa As you can see currently there are older versions set than the ones used in grant-koa (that's the first test) Then I removed node_modules all together and set the latest versions in the package.json for that app. The result was exactly the same - no warnings whatsoever. |
@simov Thx for looking into it, I will try and report back in the weekend, it's now well after midnight on my side :) |
Ah I may have identified the problem, it would appear that when upgrading or installing grant-koa
Appear to fix this problem, I am not sure about the exact steps to reproduce it, but at least I now know it's not grant-koa package.json's problem. TL;DR, your example works, my |
That makes sense, I've seen this warning before. As I mentioned a few comments back, there are two available options, but I'm still wondering which one would be better
|
@simov If you don't use any specific features of koa, other than some general routing, then a relaxed But, if you want better control of It's a close call, for flexibility I might prefer |
Version 3.1.0 is published on NPM changelog For now I'm using relaxed dependencies for the koa-middleware, like this "dependencies": {
"thunkify" : "2.1.2",
"koa" : "0.x.x",
"koa-route" : "2.4.0",
"koa-bodyparser" : "1.x.x",
"grant" : "3.1.0"
} |
Now that I think of it, we should just generated random
state
by default, right? This is the secure approach and grant is already using session (which it might as well use to storestate
).Any reason for us to do a dynamic overwrite manually?
The text was updated successfully, but these errors were encountered: