koa-cash 5.0.1 → 5.0.2

package/index.js

@@ -155,14 +155,22 @@ module.exports = function (options) {
     };
 
     //
-    // if the content-type was `text` or started with `text/plain` then don't cache
+    // if the content-type was `text` or started with `text/plain` then
+    // check if the path extension is a known text/plain extension;
+    // if it has an extension that is NOT in the list, null the type
     // (since it's likely cache poisoning or the default Koa `text` being used)
+    //
     // NOTE: we use `startsWith` for `text/plain` to handle charset variations
     //       (e.g. `text/plain; charset=utf-8` which is Koa's default)
     //
+    // NOTE: `path.extname()` returns the extension with a leading dot
+    //       (e.g. `.txt`) but `TXT_EXTENSIONS` stores extensions without
+    //       the dot (e.g. `txt`), so we strip the dot with `slice(1)`
+    //
     if (obj.type === 'text' || obj.type?.startsWith('text/plain')) {
       const ext = path.extname(ctx.path);
-      if (ext && !TXT_EXTENSIONS.has(ext.toLowerCase())) obj.type = null;
+      if (ext && !TXT_EXTENSIONS.has(ext.slice(1).toLowerCase()))
+        obj.type = null;
     }
 
     const { fresh } = ctx.request;

package/package.json

@@ -1,7 +1,7 @@
 {
   "name": "koa-cash",
   "description": "HTTP response caching for Koa. HTTP response caching for Koa.  Supports Redis, in-memory store, and more!",
-  "version": "5.0.1",
+  "version": "5.0.2",
   "author": "Jonathan Ong <me@jongleberry.com> (http://jongleberry.com)",
   "bugs": {
     "url": "https://github.com/koajs/cash/issues",