From 6f85d41788f969173fac044a793c8f24db78da6b Mon Sep 17 00:00:00 2001
From: Evan Carothers <evan.carothers@gmail.com>
Date: Fri, 9 Sep 2016 00:11:44 -0500
Subject: [PATCH] updates to support lint/test/build + slight refactoring

---
 .jshintrc                 |  91 +++++++++++++++++
 README.md                 |  10 +-
 dev/xdomain_cookie.dev.js | 209 ++++++++++++++++++++++++++++++++++++++
 dev/xdomain_cookie.html   |  69 +++++++++++++
 gulpfile.js               |  65 ++++++++++++
 package.json              |  13 ++-
 src/xdomain_cookie.html   |  12 ++-
 src/xdomain_cookie.js     |  19 ++--
 src/xdomain_cookie.min.js |   3 +
 test/test_page.html       |   2 +-
 test/test_s3_bucket.html  |   2 +-
 test/test_webserver.js    |   2 +-
 12 files changed, 475 insertions(+), 22 deletions(-)
 create mode 100644 .jshintrc
 create mode 100644 dev/xdomain_cookie.dev.js
 create mode 100644 dev/xdomain_cookie.html
 create mode 100644 gulpfile.js
 create mode 100644 src/xdomain_cookie.min.js

diff --git a/.jshintrc b/.jshintrc
new file mode 100644
index 0000000..f407ac0
--- /dev/null
+++ b/.jshintrc
@@ -0,0 +1,91 @@
+{
+    // JSHint Default Configuration File (as on JSHint website)
+    // See http://jshint.com/docs/ for more details
+
+    "maxerr"        : 50,       // {int} Maximum error before stopping
+
+    // Enforcing
+    "bitwise"       : true,     // true: Prohibit bitwise operators (&, |, ^, etc.)
+    "camelcase"     : false,    // true: Identifiers must be in camelCase
+    "curly"         : false,    // true: Require {} for every new block or scope
+    "eqeqeq"        : true,     // true: Require triple equals (===) for comparison
+    "forin"         : false,    // true: Require filtering for..in loops with obj.hasOwnProperty()
+    "freeze"        : true,     // true: prohibits overwriting prototypes of native objects such as Array, Date etc.
+    "immed"         : false,    // true: Require immediate invocations to be wrapped in parens e.g. `(function () { } ());`
+    "latedef"       : false,    // true: Require variables/functions to be defined before being used
+    "newcap"        : false,    // true: Require capitalization of all constructor functions e.g. `new F()`
+    "noarg"         : true,     // true: Prohibit use of `arguments.caller` and `arguments.callee`
+    "noempty"       : true,     // true: Prohibit use of empty blocks
+    "nonbsp"        : true,     // true: Prohibit "non-breaking whitespace" characters.
+    "nonew"         : false,    // true: Prohibit use of constructors for side-effects (without assignment)
+    "plusplus"      : false,    // true: Prohibit use of `++` and `--`
+    "quotmark"      : false,    // Quotation mark consistency:
+                                //   false    : do nothing (default)
+                                //   true     : ensure whatever is used is consistent
+                                //   "single" : require single quotes
+                                //   "double" : require double quotes
+    "undef"         : true,     // true: Require all non-global variables to be declared (prevents global leaks)
+    "unused"        : true,     // Unused variables:
+                                //   true     : all variables, last function parameter
+                                //   "vars"   : all variables only
+                                //   "strict" : all variables, all function parameters
+    "strict"        : true,     // true: Requires all functions run in ES5 Strict Mode
+    "maxparams"     : false,    // {int} Max number of formal params allowed per function
+    "maxdepth"      : false,    // {int} Max depth of nested blocks (within functions)
+    "maxstatements" : false,    // {int} Max number statements per function
+    "maxcomplexity" : false,    // {int} Max cyclomatic complexity per function
+    "maxlen"        : false,    // {int} Max number of characters per line
+    "varstmt"       : false,    // true: Disallow any var statements. Only `let` and `const` are allowed.
+
+    // Relaxing
+    "asi"           : false,     // true: Tolerate Automatic Semicolon Insertion (no semicolons)
+    "boss"          : false,     // true: Tolerate assignments where comparisons would be expected
+    "debug"         : false,     // true: Allow debugger statements e.g. browser breakpoints.
+    "eqnull"        : false,     // true: Tolerate use of `== null`
+    "esversion"     : 5,         // {int} Specify the ECMAScript version to which the code must adhere.
+    "moz"           : false,     // true: Allow Mozilla specific syntax (extends and overrides esnext features)
+                                 // (ex: `for each`, multiple try/catch, function expression…)
+    "evil"          : false,     // true: Tolerate use of `eval` and `new Function()`
+    "expr"          : false,     // true: Tolerate `ExpressionStatement` as Programs
+    "funcscope"     : false,     // true: Tolerate defining variables inside control statements
+    "globalstrict"  : false,     // true: Allow global "use strict" (also enables 'strict')
+    "iterator"      : false,     // true: Tolerate using the `__iterator__` property
+    "lastsemic"     : false,     // true: Tolerate omitting a semicolon for the last statement of a 1-line block
+    "laxbreak"      : false,     // true: Tolerate possibly unsafe line breakings
+    "laxcomma"      : false,     // true: Tolerate comma-first style coding
+    "loopfunc"      : true,      // true: Tolerate functions being defined in loops
+    "multistr"      : false,     // true: Tolerate multi-line strings
+    "noyield"       : false,     // true: Tolerate generator functions with no yield statement in them.
+    "notypeof"      : false,     // true: Tolerate invalid typeof operator values
+    "proto"         : false,     // true: Tolerate using the `__proto__` property
+    "scripturl"     : false,     // true: Tolerate script-targeted URLs
+    "shadow"        : false,     // true: Allows re-define variables later in code e.g. `var x=1; x=2;`
+    "sub"           : false,     // true: Tolerate using `[]` notation when it can still be expressed in dot notation
+    "supernew"      : false,     // true: Tolerate `new function () { ... };` and `new Object;`
+    "validthis"     : false,     // true: Tolerate using this in a non-constructor function
+
+    // Environments
+    "browser"       : true,     // Web Browser (window, document, etc)
+    "browserify"    : false,    // Browserify (node.js code in the browser)
+    "couch"         : false,    // CouchDB
+    "devel"         : true,     // Development/debugging (alert, confirm, etc)
+    "dojo"          : false,    // Dojo Toolkit
+    "jasmine"       : false,    // Jasmine
+    "jquery"        : false,    // jQuery
+    "mocha"         : true,     // Mocha
+    "mootools"      : false,    // MooTools
+    "node"          : true,     // Node.js
+    "nonstandard"   : false,    // Widely adopted globals (escape, unescape, etc)
+    "phantom"       : false,    // PhantomJS
+    "prototypejs"   : false,    // Prototype and Scriptaculous
+    "qunit"         : false,    // QUnit
+    "rhino"         : false,    // Rhino
+    "shelljs"       : false,    // ShellJS
+    "typed"         : false,    // Globals for typed array constructions
+    "worker"        : false,    // Web Workers
+    "wsh"           : false,    // Windows Scripting Host
+    "yui"           : false,    // Yahoo User Interface
+
+    // Custom Globals
+    "globals"       : { "_LOG": true}        // additional predefined global variables
+}
\ No newline at end of file
diff --git a/README.md b/README.md
index 8b2701c..3f81048 100644
--- a/README.md
+++ b/README.md
@@ -15,7 +15,7 @@ Usage
 Simply include the script on any page where it's needed, create a new instance of xDomainCookie, and leverage the get/set functions:
 
 ```html
-<script src="//my.s3bucket.com/xdomain_cookie.js"></script>
+<script src="//my.s3bucket.com/xdomain_cookie.min.js"></script>
 <script>
 	var xd_cookie = xDomainCookie( '//my.s3bucket.com' );
 	xd_cookie.get( 'cookie_name', function(cookie_val){
@@ -31,7 +31,7 @@ Simply include the script on any page where it's needed, create a new instance o
 Usage Notes
 ------
 
-_Please Note_ that it's important for the `xdomain_cookie.js` file to be served from the same domain _and_ protocol as the path passed in for the iframe creation (when creating `xDomainCookie`). You can setup the script to use whichever page the protocol of the main window is using by specifying `//` as the protocol prefix (instead of explicit `https://` or `http://`, assuming the webserver hosting the `xdomain_cookie.html` file supports that procolol). It's also OK to serve both the script and iframe path over HTTPS in all instances, regardless of if the main page is loaded over HTTPS.
+_Please Note_ that it's important for the `xdomain_cookie.min.js` file to be served from the same domain _and_ protocol as the path passed in for the iframe creation (when creating `xDomainCookie`). You can setup the script to use whichever page the protocol of the main window is using by specifying `//` as the protocol prefix (instead of explicit `https://` or `http://`, assuming the webserver hosting the `xdomain_cookie.html` file supports that procolol). It's also OK to serve both the script and iframe path over HTTPS in all instances, regardless of if the main page is loaded over HTTPS.
 
 This script should work in all modern desktop and mobile browsers that support the postMessage API (IE 8+, Chrome, FF, etc).
 
@@ -102,8 +102,8 @@ There's a full test suite that leverages zombie/connect to mock & test the libra
 npm test
 ```
 
-##### Dev Server
-The dev server runs on localhost:3001. Once running you can map whatever hosts to 127.0.0.1 and load the JS in running local pages from {{myhost}}:3001/xdomain_cookie.js.
+##### Dev Server & Development
+The dev server runs on localhost:3001. Once running you can map whatever hosts to 127.0.0.1 and load the JS in running local pages from {{myhost}}:3001/xdomain_cookie.dev.js.
 ```
 npm run dev
 ```
@@ -111,3 +111,5 @@ npm run dev
 It is also pre-configurd with an example scenario that shows usage across domains. It requires you to map the following domains to 127.0.0.1 in your hosts file: shared_cookie_test.com, shared_cookie_test2.com, and shared_cookie_iframe.com
 
 You can then see the example working by visiting http://shared_cookie_test.com:3001/test_page.html and shared_cookie_test2.com/test_page.html - take a look at the console output to see cookie behavior.
+
+When developing locally you can lint/test/build the library by running `gulp build`
diff --git a/dev/xdomain_cookie.dev.js b/dev/xdomain_cookie.dev.js
new file mode 100644
index 0000000..27caa41
--- /dev/null
+++ b/dev/xdomain_cookie.dev.js
@@ -0,0 +1,209 @@
+(function(exports) {
+	"use strict";
+	
+	var xDomainCookie = function( iframe_path, namespace, xdomain_only, iframe_load_timeout_ms ){
+		//iframe_path = full TLD (and optional path) to location where iframe_shared_cookie.html is served from, and domain cookie will be set on
+		//namespace = namespace to use when identifying that postMessage calls incoming are for our use
+
+		if( iframe_path.substr(0,2)==='//' ) iframe_path = (window.location.protocol==='https:'?'https:':'http:')+iframe_path; //verify protocol is present & used
+
+		var _namespace = namespace || 'xdsc',						//namespace for the shared cookie in case there are multiple instances on one page - prevents postMessage collision
+			_load_wait_ms = iframe_load_timeout_ms || (1000*6), 	//wait 6 seconds if no other overloaded wait time specified
+			_iframe_ready = false,									//has the iframe posted back as ready?
+			_iframe_load_error = false,								//was there an error loading the iframe from specified iframe_path in designated iframe_load_timeout_ms?
+			_callbacks = [],										//list of pending callbacks to ping when iframe is ready or err occurs
+			_xdomain_cookie_data = {},								//shared cookie data set by the iframe after load/ready
+			_id = new Date().getTime(),								//identifier to use for iframe in case there are multiple on the page
+			_default_expires_days = 30,								//default expiration days for cookies when re-uppded
+			_xdomain_only = !!xdomain_only;							//should we ONLY use xdomain cookies (and avoid local cache)
+
+		//function called on inbound post message - filter/verify that message is for our consumption, then set ready data an fire callbacks
+		function _inbound_postmessage( event ){
+
+			var origin = event.origin || event.originalEvent.origin; // For Chrome, the origin property is in the event.originalEvent object.
+			if (origin !== iframe_path) return; //incoming message not from iframe
+			
+			if(typeof event.data !== 'string') return; //expected json string encoded payload
+			var data = null;
+			try{
+	        	data = JSON.parse(event.data);
+	        }catch(e){}
+
+	        if(typeof data !== 'object' || (data instanceof Array)) return; //data is not a non-array object
+	        if(!('msg_type' in data) || data.msg_type !== 'xdsc_read') return; //data is not a xdomainc-cookie payload
+	        if(!('namespace' in data) || data.namespace !== _namespace) return; //wrong namespace for msg
+
+	        //NOTE - the only thing iframe postMessages to us is when it's initially loaded, and it includes payload of all cookies set on iframe domain
+        	_xdomain_cookie_data = data.cookies;
+			_iframe_ready = true;
+			_fire_pending_callbacks();
+		}	
+
+		//an error occured loading the iframe from specified source (based on timeout)
+		function _iframe_load_error_occured(){
+			_iframe_load_error = true;
+			_fire_pending_callbacks();
+		}
+
+		//wait until iframe is loaded & ready, or an error occurs, then execute callbakcfunction
+		function _on_iframe_ready_or_error( cb ){
+			_callbacks.push( cb );
+			_fire_pending_callbacks();
+		}
+
+		//run all pending callbacks that are registered
+		function _fire_pending_callbacks(){
+			if( !_iframe_load_error && !_iframe_ready ) return; //not yet ready to fire callbacks, still waiting on error or ready
+			while(_callbacks.length>0){
+				_callbacks.pop()( _iframe_load_error );
+			}
+		}
+
+		//set a cookie in the iframe @ iframe_path
+		function _set_cookie_in_iframe( cookie_name, cookie_value, expires_days ){
+			//NOTE - this function is only called from within _on_iframe_ready_or_err  function when there is NOT an error
+			//so we can safely assume iframe is present, ready, and callable at this point
+
+			//postMessage to Iframe w/ info
+			var data = {
+				namespace: _namespace,
+				msg_type: 'xdsc_write',
+				cookie_name: cookie_name,
+				cookie_val: cookie_value,
+				expires_days: expires_days
+			};
+
+			document.getElementById('xdomain_cookie_'+_id).contentWindow.postMessage(JSON.stringify(data), iframe_path );
+		}
+
+		//basic local cookie getter function
+		function _get_local_cookie( cookie_name ){
+			var name = cookie_name + "=";
+		    var ca = document.cookie.split(';');
+		    for(var i=0; i<ca.length; i++) {
+		        var c = ca[i].trim();
+		        if (c.indexOf(name) === 0) return decodeURIComponent( c.substring(name.length,c.length) );
+		    }
+		    return "";
+		}
+
+		//basic local cookie setter function
+		function _set_local_cookie( cookie_name, cookie_value, expires_days ){
+			var d = new Date();
+		    d.setTime(d.getTime() + ( expires_days*1000*60*60*24) );
+		    document.cookie = cookie_name + "=" + cookie_value + "; expires="+d.toUTCString();
+		}
+
+		//function to set the value for both cookies (local & xdomain)
+		function _set_xdomain_cookie_value( cookie_name, cookie_value, expires_days ){
+			
+			//if iframe isn't ready, wait for it to be ready
+			if(!_iframe_ready && !_iframe_load_error){
+				return _callbacks.push(function(){
+					_set_xdomain_cookie_value( cookie_name, cookie_value, expires_days);
+				});
+			}
+
+			expires_days = expires_days || _default_expires_days;
+			//if cookie is empty (null or undefined) delete the cookie
+			expires_days = (cookie_value===null || cookie_value===undefined) ? -100 : expires_days;
+
+			if(!_xdomain_only) _set_local_cookie( cookie_name, cookie_value, expires_days );
+
+			if(!_iframe_load_error){
+				_set_cookie_in_iframe( cookie_name, cookie_value, expires_days );
+			}
+
+			//set local cached value
+			_xdomain_cookie_data[cookie_name] = cookie_value;
+		}
+
+		//function to call after instantiation to sync a cookie, supplying a cookie name, value to write if it does NOT exist, expires 
+		//time (in ms from now), and a callback for completion (which includes the resolved cookie value as the only argument)
+		function _get_xdomain_cookie_value( cookie_name, callback, expires_days ){
+			
+			expires_days = expires_days || _default_expires_days;
+
+			//cb function to create closure for pending user callback
+			function _cb( xdomain_success, cookie_val, callback ){
+
+				//re-up the cookie
+				_set_xdomain_cookie_value( cookie_name, cookie_val, expires_days );
+
+				if(typeof callback === 'function') callback( cookie_val );
+			}
+
+			if(!_xdomain_only){
+				//see if local cookie is set - if so, no need to wait for iframe to fetch cookie
+				var _existing_local_cookie_val = _get_local_cookie( cookie_name );
+				if(_existing_local_cookie_val){
+					//set onready call to write-through cookie once iframe is ready, then call callback directly
+					_on_iframe_ready_or_error( function( is_err ){
+						_cb( !is_err, _existing_local_cookie_val );
+					});
+					return callback( _existing_local_cookie_val );
+				} 
+			}
+
+			//no local cookie is set/present, so bind CB to iframe ready/error callback so it's pinged a soon as we hit a ready state from iframe
+			_on_iframe_ready_or_error(function( is_err ){
+
+				//if an error occurs loading the iframe, return appropriate response w/ callback
+				if(is_err) return _cb( false, null, callback );
+				
+				var _current_cookie_val = cookie_name in _xdomain_cookie_data ? _xdomain_cookie_data[cookie_name] : null;
+				_cb( !is_err, _current_cookie_val, callback );
+
+			});
+		}
+
+		//bind postmessage listeners for incoming messages from iframe
+		window.addEventListener('message', _inbound_postmessage );
+
+		//create hidden iframe on the page that loads from same domain as this script and is used for communication / cookie setting
+		var ifr = document.createElement('iframe');
+		ifr.style.display = 'none';
+		ifr.id = 'xdomain_cookie_'+_id;
+		var data = {
+			namespace: _namespace,
+			window_origin: window.location.origin,
+			iframe_origin: iframe_path
+		};
+		ifr.src = iframe_path+'/xdomain_cookie.html#'+encodeURIComponent(JSON.stringify(data));
+		document.body.appendChild( ifr );
+
+		//set timeout to specify load error if iframe doesn't load in _load_wait_ms
+		setTimeout( 
+			function(){
+				if(!_iframe_ready) _iframe_load_error_occured();
+			}, 
+			_load_wait_ms 
+		);
+
+		return {
+			get: _get_xdomain_cookie_value,
+			set: _set_xdomain_cookie_value
+		};
+	};
+	
+	exports.xDomainCookie = xDomainCookie;
+})(this);
+
+/*
+//EXAMPLE OF USAGE
+
+var shared_cookie = xDomainSharedCookie( 'https://shared.contently.com', 'contently.ifsc' );
+var _temp_id = generate_new_user_id_for_use_if_cookie_not_set();
+
+shared_cookie.create(
+	'whatever_cookie_name', //cookie name
+	 _temp_id,	//cookie value to use if not set
+	(1000*60*60*24*30), // expiration future milliseconds for cookei (30 days here)
+	function( cookie_val ){
+		//callback for cookie fetch finalization
+		//NOTE - cookie will be read/set locally regardless, but success of setting cross-domain version is first param for callback
+		_set_user_cookie_id_for_etl_pipeline( cookie_val );
+	}
+);
+
+*/
\ No newline at end of file
diff --git a/dev/xdomain_cookie.html b/dev/xdomain_cookie.html
new file mode 100644
index 0000000..6162081
--- /dev/null
+++ b/dev/xdomain_cookie.html
@@ -0,0 +1,69 @@
+<!DOCTYPE html>
+<HEAD>
+	<script>
+		"use strict";
+		window.IframeShim = (function(){
+
+			//orign & namespace data is passed in via urlencoded json object in url hash
+			var _hash_data = JSON.parse(decodeURIComponent(window.location.hash.substr(1))),
+				_namespace = _hash_data.namespace,
+				_window_origin = _hash_data.window_origin,
+				_iframe_origin = _hash_data.iframe_origin;
+
+			//basic cookie getter function (returns object of all cookies key/val)
+			function _get_local_cookies(){
+				var cstring = document.cookie.split(';'),
+					cookies = {};
+				cstring.forEach(function(cs){
+					var vals = cs.trim().split("=");
+					if(!vals[0]) return;
+			        cookies[vals[0]] = decodeURIComponent(vals[1]);
+				});
+			    return cookies;
+			}
+
+			//basic cookie setter function
+			function _set_local_cookie( cookie_name, cookie_value, expires_days ){
+				var d = new Date();
+			    d.setTime(d.getTime() + (expires_days*1000*60*60*24) );
+			    document.cookie = cookie_name + "=" + cookie_value + "; expires="+d.toUTCString();
+			}
+
+			//listen for incoming postMessage requests (to write cookie, incoming from local page that loaded iframe)
+			window.addEventListener('message', function(event){
+
+				var origin = event.origin || event.originalEvent.origin; // For Chrome, the origin property is in the event.originalEvent object.
+				if ( [_window_origin,_iframe_origin].indexOf(origin) === -1 ) return; //incoming message not from iframe page
+				
+				//We must filter messages here to verify that it's the specific message/type we are looking for, and not from another script
+				var data = null;
+				try{
+		        	data = JSON.parse(event.data);
+		        }catch(e){}
+		        
+		        if(typeof data !== 'object' || (data instanceof Array)) return; //data is not a non-array object
+	        	if(!('msg_type' in data) || data.msg_type !== 'xdsc_write') return; //data is not a xdomainc-cookie payload
+	        	if(!('namespace' in data) || data.namespace !== _namespace) return; //wrong namespace for msg
+
+		        _set_local_cookie( data.cookie_name, data.cookie_val, parseInt(data.expires_days,10) );
+		        //ping down to page again to update values of xdomain cookie data
+		        _send_xdomain_cookie_data_to_page();
+			});
+
+			function _send_xdomain_cookie_data_to_page(){
+				var msg = {
+					cookies: _get_local_cookies(),
+					msg_type: 'xdsc_read',
+					namespace: _namespace
+				};
+				//postmessage to parent window w/ data
+				window.parent.postMessage(JSON.stringify(msg), _window_origin);
+			}
+
+			//initialization - ping parent window w/ cookie payload right away so it an hit callbacks asap
+			_send_xdomain_cookie_data_to_page();
+
+		})();
+	</script>
+</HEAD>
+</HTML>
\ No newline at end of file
diff --git a/gulpfile.js b/gulpfile.js
new file mode 100644
index 0000000..8d40c97
--- /dev/null
+++ b/gulpfile.js
@@ -0,0 +1,65 @@
+"use strict";
+
+const gulp = require('gulp'),
+	  jshint = require('gulp-jshint'),
+      rename = require("gulp-rename"),
+      mocha = require('gulp-mocha'),
+      runSequence = require('run-sequence'),
+      insert = require('gulp-insert'),
+      uglify = require('gulp-uglify');
+
+const PACKAGE = require('./package.json');
+const ATTIBUTION = `/* Version ${PACKAGE.version} ${PACKAGE.name} (${PACKAGE.homepage}) from Contently (https://github.com/contently) */`+"\n\n";
+
+gulp.task('build', function(cb) {
+  runSequence(
+  	'lint',
+  	'test',
+  	'build_files',
+    cb);
+});      
+
+gulp.task('build_files', ['build_js','copy_html']);
+
+gulp.task('copy_html', function(){
+	return gulp.src('./dev/xdomain_cookie.html')
+        .pipe(gulp.dest('src'));
+});
+
+gulp.task('build_js', ['build_regular_js', 'build_min_js']);
+
+gulp.task('build_regular_js', function(){
+	return gulp.src('./dev/xdomain_cookie.dev.js')
+        .pipe(insert.prepend(ATTIBUTION))
+        .pipe( rename("xdomain_cookie.js") )
+        .pipe(gulp.dest('src'));
+});
+
+gulp.task('build_min_js', function(){
+	return gulp.src('./dev/xdomain_cookie.dev.js')
+		.pipe(uglify({mangle:false}))
+        .pipe(insert.prepend(ATTIBUTION))
+        .pipe( rename("xdomain_cookie.min.js") )
+        .pipe(gulp.dest('src'));
+});
+
+gulp.task('lint', function(){
+	return gulp.src('./dev/**/*')
+		.pipe(jshint.extract('auto'))
+		.pipe(jshint())
+  		.pipe(jshint.reporter('default'))
+  		.pipe(jshint.reporter('fail'));
+});
+
+gulp.task('test', function(){
+	return gulp.src('test/test_suite.js', {read:false} )
+		.pipe(mocha({
+	    	reporter:'spec',
+	      	fullTrace: true
+	    }))
+	  	.on("error", function(err) {
+	  		console.log(err.toString());
+	  		this.emit('end');
+	  		process.exit();
+	  	})
+});
\ No newline at end of file
diff --git a/package.json b/package.json
index 5f601d4..0d4fd17 100644
--- a/package.json
+++ b/package.json
@@ -1,22 +1,31 @@
 {
   "name": "xdomain-cookies",
-  "version": "1.0.4",
+  "version": "1.0.5",
   "repository": {
     "type": "git",
     "url": "git+https://github.com/contently/xdomain-cookies"
   },
   "description": "JS class for cross-domain shared cookie (via iframe shim)",
   "scripts": {
-    "test": "node_modules/.bin/mocha test/test_suite.js",
+    "test": "gulp test",
     "dev": "node test/test_webserver.js"
   },
+  "homepage": "http://contently.github.io/xdomain-cookies/",
   "author": "Evan Carothers",
   "license": "CC",
   "devDependencies": {
     "chai": "^3.5.0",
     "connect": "^3.4.1",
     "express": "^4.13.4",
+    "gulp": "^3.9.1",
+    "gulp-insert": "^0.5.0",
+    "gulp-jshint": "^2.0.1",
+    "gulp-mocha": "^3.0.1",
+    "gulp-rename": "^1.2.2",
+    "gulp-uglify": "^2.0.0",
+    "jshint": "^2.9.3",
     "mocha": "^2.4.5",
+    "run-sequence": "^1.2.2",
     "serve-static": "^1.10.2",
     "zombie": "^4.2.1"
   }
diff --git a/src/xdomain_cookie.html b/src/xdomain_cookie.html
index 051b6b2..8644c20 100644
--- a/src/xdomain_cookie.html
+++ b/src/xdomain_cookie.html
@@ -42,11 +42,13 @@
 		        	data = JSON.parse(event.data);
 		        }catch(e){}
 		        
-		        if(data && typeof data==='object' &&  'msg_type' in data && data.msg_type==='xdsc_write' && 'namespace' in data && data.namespace === _namespace){
-		        	_set_local_cookie( data.cookie_name, data.cookie_val, parseInt(data.expires_days,10) );
-		        	//ping down to page again to update values of xdomain cookie data
-		        	_send_xdomain_cookie_data_to_page();
-		        }
+		        if(typeof data !== 'object' || (data instanceof Array)) return; //data is not a non-array object
+	        	if(!('msg_type' in data) || data.msg_type !== 'xdsc_write') return; //data is not a xdomainc-cookie payload
+	        	if(!('namespace' in data) || data.namespace !== _namespace) return; //wrong namespace for msg
+
+		        _set_local_cookie( data.cookie_name, data.cookie_val, parseInt(data.expires_days,10) );
+		        //ping down to page again to update values of xdomain cookie data
+		        _send_xdomain_cookie_data_to_page();
 			});
 
 			function _send_xdomain_cookie_data_to_page(){
diff --git a/src/xdomain_cookie.js b/src/xdomain_cookie.js
index 0537f21..a6b89d7 100644
--- a/src/xdomain_cookie.js
+++ b/src/xdomain_cookie.js
@@ -1,3 +1,5 @@
+/* Version 1.0.5 xdomain-cookies (http://contently.github.io/xdomain-cookies/) from Contently (https://github.com/contently) */
+
 (function(exports) {
 	"use strict";
 	
@@ -29,13 +31,14 @@
 	        	data = JSON.parse(event.data);
 	        }catch(e){}
 
-	        if(!data) return;
-	        if(typeof data==='object' && !(data instanceof Array) &&  'msg_type' in data && data.msg_type==='xdsc_read' && 'namespace' in data && data.namespace === _namespace){
-	        	//NOTE - the only thing iframe postMessages to us is when it's initially loaded, and it includes payload of all cookies set on iframe domain
-	        	_xdomain_cookie_data = data.cookies;
-				_iframe_ready = true;
-				_fire_pending_callbacks();
-	        }
+	        if(typeof data !== 'object' || (data instanceof Array)) return; //data is not a non-array object
+	        if(!('msg_type' in data) || data.msg_type !== 'xdsc_read') return; //data is not a xdomainc-cookie payload
+	        if(!('namespace' in data) || data.namespace !== _namespace) return; //wrong namespace for msg
+
+	        //NOTE - the only thing iframe postMessages to us is when it's initially loaded, and it includes payload of all cookies set on iframe domain
+        	_xdomain_cookie_data = data.cookies;
+			_iframe_ready = true;
+			_fire_pending_callbacks();
 		}	
 
 		//an error occured loading the iframe from specified source (based on timeout)
@@ -98,7 +101,7 @@
 			
 			//if iframe isn't ready, wait for it to be ready
 			if(!_iframe_ready && !_iframe_load_error){
-				return _callbacks.push(function(load_error){
+				return _callbacks.push(function(){
 					_set_xdomain_cookie_value( cookie_name, cookie_value, expires_days);
 				});
 			}
diff --git a/src/xdomain_cookie.min.js b/src/xdomain_cookie.min.js
new file mode 100644
index 0000000..9554104
--- /dev/null
+++ b/src/xdomain_cookie.min.js
@@ -0,0 +1,3 @@
+/* Version 1.0.5 xdomain-cookies (http://contently.github.io/xdomain-cookies/) from Contently (https://github.com/contently) */
+
+!function(exports){"use strict";var xDomainCookie=function(iframe_path,namespace,xdomain_only,iframe_load_timeout_ms){function _inbound_postmessage(event){var origin=event.origin||event.originalEvent.origin;if(origin===iframe_path&&"string"==typeof event.data){var data=null;try{data=JSON.parse(event.data)}catch(e){}"object"!=typeof data||data instanceof Array||"msg_type"in data&&"xdsc_read"===data.msg_type&&"namespace"in data&&data.namespace===_namespace&&(_xdomain_cookie_data=data.cookies,_iframe_ready=!0,_fire_pending_callbacks())}}function _iframe_load_error_occured(){_iframe_load_error=!0,_fire_pending_callbacks()}function _on_iframe_ready_or_error(cb){_callbacks.push(cb),_fire_pending_callbacks()}function _fire_pending_callbacks(){if(_iframe_load_error||_iframe_ready)for(;_callbacks.length>0;)_callbacks.pop()(_iframe_load_error)}function _set_cookie_in_iframe(cookie_name,cookie_value,expires_days){var data={namespace:_namespace,msg_type:"xdsc_write",cookie_name:cookie_name,cookie_val:cookie_value,expires_days:expires_days};document.getElementById("xdomain_cookie_"+_id).contentWindow.postMessage(JSON.stringify(data),iframe_path)}function _get_local_cookie(cookie_name){for(var name=cookie_name+"=",ca=document.cookie.split(";"),i=0;i<ca.length;i++){var c=ca[i].trim();if(0===c.indexOf(name))return decodeURIComponent(c.substring(name.length,c.length))}return""}function _set_local_cookie(cookie_name,cookie_value,expires_days){var d=new Date;d.setTime(d.getTime()+1e3*expires_days*60*60*24),document.cookie=cookie_name+"="+cookie_value+"; expires="+d.toUTCString()}function _set_xdomain_cookie_value(cookie_name,cookie_value,expires_days){return _iframe_ready||_iframe_load_error?(expires_days=expires_days||_default_expires_days,expires_days=null===cookie_value||void 0===cookie_value?-100:expires_days,_xdomain_only||_set_local_cookie(cookie_name,cookie_value,expires_days),_iframe_load_error||_set_cookie_in_iframe(cookie_name,cookie_value,expires_days),void(_xdomain_cookie_data[cookie_name]=cookie_value)):_callbacks.push(function(){_set_xdomain_cookie_value(cookie_name,cookie_value,expires_days)})}function _get_xdomain_cookie_value(cookie_name,callback,expires_days){function _cb(xdomain_success,cookie_val,callback){_set_xdomain_cookie_value(cookie_name,cookie_val,expires_days),"function"==typeof callback&&callback(cookie_val)}if(expires_days=expires_days||_default_expires_days,!_xdomain_only){var _existing_local_cookie_val=_get_local_cookie(cookie_name);if(_existing_local_cookie_val)return _on_iframe_ready_or_error(function(is_err){_cb(!is_err,_existing_local_cookie_val)}),callback(_existing_local_cookie_val)}_on_iframe_ready_or_error(function(is_err){if(is_err)return _cb(!1,null,callback);var _current_cookie_val=cookie_name in _xdomain_cookie_data?_xdomain_cookie_data[cookie_name]:null;_cb(!is_err,_current_cookie_val,callback)})}"//"===iframe_path.substr(0,2)&&(iframe_path=("https:"===window.location.protocol?"https:":"http:")+iframe_path);var _namespace=namespace||"xdsc",_load_wait_ms=iframe_load_timeout_ms||6e3,_iframe_ready=!1,_iframe_load_error=!1,_callbacks=[],_xdomain_cookie_data={},_id=(new Date).getTime(),_default_expires_days=30,_xdomain_only=!!xdomain_only;window.addEventListener("message",_inbound_postmessage);var ifr=document.createElement("iframe");ifr.style.display="none",ifr.id="xdomain_cookie_"+_id;var data={namespace:_namespace,window_origin:window.location.origin,iframe_origin:iframe_path};return ifr.src=iframe_path+"/xdomain_cookie.html#"+encodeURIComponent(JSON.stringify(data)),document.body.appendChild(ifr),setTimeout(function(){_iframe_ready||_iframe_load_error_occured()},_load_wait_ms),{get:_get_xdomain_cookie_value,set:_set_xdomain_cookie_value}};exports.xDomainCookie=xDomainCookie}(this);
\ No newline at end of file
diff --git a/test/test_page.html b/test/test_page.html
index 0f8c2f7..6d6fae1 100644
--- a/test/test_page.html
+++ b/test/test_page.html
@@ -3,7 +3,7 @@
 </head>
 <body>
 
-<script src="xdomain_cookie.js"></script>
+<script src="xdomain_cookie.dev.js"></script>
 <script>
 
 	var js_errors = [];
diff --git a/test/test_s3_bucket.html b/test/test_s3_bucket.html
index a06de96..510f34e 100644
--- a/test/test_s3_bucket.html
+++ b/test/test_s3_bucket.html
@@ -4,7 +4,7 @@
 <body>
 
 
-<script src="http://localhost:3001/xdomain_cookie.js"></script>
+<script src="http://localhost:3001/xdomain_cookie.dev.js"></script>
 <script>
     
     //simple test of xdomain lib for s3 bucket location w/ no protocol specified
diff --git a/test/test_webserver.js b/test/test_webserver.js
index 5b87916..1743d79 100644
--- a/test/test_webserver.js
+++ b/test/test_webserver.js
@@ -5,7 +5,7 @@ console.log(__dirname);
 
 var app = connect();
 
-app.use(serveStatic(__dirname+"/../src"));
+app.use(serveStatic(__dirname+"/../dev"));
 app.use(serveStatic(__dirname+"/../test"));
 
 app.use(function(req, res, next){