Deprecate "secureProxy" option in ".set"; use "secure" option instead

pillarjs · Feb 29, 2016 · c7cf922 · c7cf922
1 parent d6edb8e
commit c7cf922
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/History.md b/History.md
@@ -5,6 +5,8 @@
   * Change constructor to signature `new Cookies(req, res, [options])`
     - Replace `new Cookies(req, res, key)` with `new Cookies(req, res, {'keys': keys})`
   * Change prototype construction for proper "constructor" property
+  * Deprecate `secureProxy` option in `.set`; use `secure` option instead
+    - If `secure: true` throws even over SSL, use the `secure` constructor option
 
 0.5.1 / 2014-07-27
 ==================

diff --git a/README.md b/README.md
@@ -67,7 +67,6 @@ If the _options_ object is provided, it will be used to generate the outbound co
 * `path`: a string indicating the path of the cookie (`/` by default).
 * `domain`: a string indicating the domain of the cookie (no default).
 * `secure`: a boolean indicating whether the cookie is only to be sent over HTTPS (`false` by default for HTTP, `true` by default for HTTPS).
-* `secureProxy`: a boolean indicating whether the cookie is only to be sent over HTTPS (use this if you handle SSL not in your node process).
 * `httpOnly`: a boolean indicating whether the cookie is only to be sent over HTTP(S), and not made available to client JavaScript (`true` by default).
 * `signed`: a boolean indicating whether the cookie is to be signed (`false` by default). If this is true, another cookie of the same name with the `.sig` suffix appended will also be sent, with a 27-byte url-safe base64 SHA1 value representing the hash of _cookie-name_=_cookie-value_ against the first [Keygrip](https://www.npmjs.com/package/keygrip) key. This signature key is used to detect tampering the next time a cookie is received.
 * `overwrite`: a boolean indicating whether to overwrite previously set cookies of the same name (`false` by default). If this is true, all cookies set during the same request with the same name (regardless of path or domain) are filtered out of the Set-Cookie header when setting this cookie.

diff --git a/lib/cookies.js b/lib/cookies.js
@@ -81,7 +81,12 @@ Cookies.prototype.set = function(name, value, opts) {
 
   cookie.secure = secure
   if (opts && "secure" in opts) cookie.secure = opts.secure
-  if (opts && "secureProxy" in opts) cookie.secure = opts.secureProxy
+
+  if (opts && "secureProxy" in opts) {
+    deprecate('"secureProxy" option; use "secure" option, provide "secure" to constructor if needed')
+    cookie.secure = opts.secureProxy
+  }
+
   headers = pushCookie(headers, cookie)
 
   if (opts && signed) {