Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Avoid express dependency #24

Open
brettz9 opened this issue Jul 7, 2019 · 1 comment
Open

Avoid express dependency #24

brettz9 opened this issue Jul 7, 2019 · 1 comment
Labels
enhancement New feature or request

Comments

@brettz9
Copy link
Member

brettz9 commented Jul 7, 2019
edited
Loading

Is this a security issue?

No.

Despite being advertised as supporting Connect as well as Express middleware, there are a number of Express dependencies which should I believe be instead avoided or at least called out or made optional. For example, res.redirect is used (and in passport-local, req.query/req.body).

I thought I'd post here to get consensus on a general approach to the problem and then fix or document accordingly.
@brettz9 brettz9 added the enhancement New feature or request label Jul 7, 2019
@rwky
Copy link

rwky commented Jul 13, 2019

Connect supports the bodyParser middleware so for passport-local we just need to specify that in the docs.

As for res.redirect good spot. It'd be trivial to adjusted our code to detect if res.redirect is a thing, if it is then use it else use the native node methods.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@brettz9 @rwky