- deps: uid-safe@~2.0.0

- Fix compatibility with `crypto.DEFAULT_ENCODING` global changes

* Add `sessionKey` option

* Accept `CSRF-Token` and `XSRF-Token` request headers
* Default `cookie.path` to `'/'`, if using cookies
* deps: cookie-signature@1.0.6
- deps: base64-url@1.2.1
- deps: uid-safe@~1.1.0
* deps: http-errors@~1.3.1
- Construct errors using defined constructors from `createError`
- Fix error names that are not identifiers
- Set a meaningful `name` property on constructed errors

- deps: base64-url@1.2.0
- deps: uid-safe@~1.0.3

- deps: uid-safe@~1.0.2

- Slight speed improvement for `verify`
- deps: base64-url@1.1.0
* deps: http-errors@~1.2.8
- Fix stack trace from exported function

* deps: http-errors@~1.2.7
- Remove duplicate line

* Fix cookie name when using `cookie: true`
* deps: http-errors@~1.2.6
- Fix `expose` to be `true` for `ClientError` constructor
- Use `inherits` instead of `util`

* deps: cookie-signature@1.0.5

* Set `code` property on CSRF token errors

* Add `ignoreMethods` option

* Use `csrf-tokens` instead of `csrf`

* Support changing `req.session` after `csurf` middleware
- Calling `res.csrfToken()` after `req.session.destroy()` will now work

* Add support for environments without `res.cookie` (connect@3)

* deps: csrf-tokens@~2.0.0

* Refactor to use `csrf-tokens` module

* Add support for double-submit cookie

* Add constant-time string compare