3.17.4

deps: connect@2.26.2
3.17.3
2026-02-26 08:45:36 +00:00 · 2014-09-19 22:57:07 -07:00 · 2014-09-19 22:54:39 -07:00 · 2014-09-18 10:38:31 -07:00 · 2014-09-18 10:36:21 -07:00 · 2014-09-16 00:14:41 -07:00
146 changed files with 4720 additions and 1482 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,6 +1,5 @@
-coverage.html
+coverage/
 .DS_Store
-lib-cov
 *.seed
 *.log
 *.csv
@@ -13,6 +12,5 @@ benchmarks/graphs
 testing
 node_modules/
 testing
-.coverage_data
-cover_html
 test.js
+.idea
--- a/.gitmodules
+++ b/.gitmodules
--- a/.npmignore
+++ b/.npmignore
@@ -1,9 +1,10 @@
 .git*
+benchmarks/
+coverage/
 docs/
 examples/
 support/
 test/
 testing.js
 .DS_Store
-coverage.html
-lib-cov
+.travis.yml
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,3 +1,11 @@
 language: node_js
 node_js:
-  - 0.6
+  - "0.8"
+  - "0.10"
+  - "0.11"
+matrix:
+  allow_failures:
+    - node_js: "0.11"
+  fast_finish: true
+script: "npm run-script test-travis"
+after_script: "npm install coveralls@2.10.0 && cat ./coverage/lcov.info | coveralls"
--- a/History.md
+++ b/History.md
--- a/2
+++ b/2
@@ -1,6 +1,6 @@
 (The MIT License)

-Copyright (c) 2009-2011 TJ Holowaychuk <tj@vision-media.ca>
+Copyright (c) 2009-2013 TJ Holowaychuk <tj@vision-media.ca>

 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
--- a/33
+++ b/33
@@ -1,33 +0,0 @@
-
-MOCHA_OPTS=
-REPORTER = dot
-
-check: test
-
-test: test-unit test-acceptance
-
-test-unit:
-	@NODE_ENV=test ./node_modules/.bin/mocha \
-		--reporter $(REPORTER) \
-		$(MOCHA_OPTS)
-
-test-acceptance:
-	@NODE_ENV=test ./node_modules/.bin/mocha \
-		--reporter $(REPORTER) \
-		--bail \
-		test/acceptance/*.js
-
-test-cov: lib-cov
-	@EXPRESS_COV=1 $(MAKE) test REPORTER=html-cov > coverage.html
-
-lib-cov:
-	@jscoverage lib lib-cov
-
-benchmark:
-	@./support/bench
-
-clean:
-	rm -f coverage.html
-	rm -fr lib-cov
-
-.PHONY: test test-unit test-acceptance benchmark clean
--- a/Readme.md
+++ b/Readme.md
@@ -1,6 +1,11 @@
-![express logo](http://f.cl.ly/items/0V2S1n0K1i3y1c122g04/Screen%20Shot%202012-04-11%20at%209.59.42%20AM.png)
+[![express logo](http://f.cl.ly/items/0V2S1n0K1i3y1c122g04/Screen%20Shot%202012-04-11%20at%209.59.42%20AM.png)](http://expressjs.com/)

-  Fast, unopinionated, minimalist web framework for [node](http://nodejs.org). [![Build Status](https://secure.travis-ci.org/visionmedia/express.png)](http://travis-ci.org/visionmedia/express)
+  Fast, unopinionated, minimalist web framework for [node](http://nodejs.org).
+
+  [![NPM version](https://img.shields.io/npm/v/express.svg?style=flat)](https://www.npmjs.org/package/express)
+  [![Build Status](https://img.shields.io/travis/strongloop/express.svg?style=flat)](https://travis-ci.org/strongloop/express)
+  [![Coverage Status](https://img.shields.io/coveralls/strongloop/express.svg?style=flat)](https://coveralls.io/r/strongloop/express)
+  [![Gittip](https://img.shields.io/gittip/dougwilson.svg?style=flat)](https://www.gittip.com/dougwilson/)

 ```js
 var express = require('express');
@@ -17,10 +22,6 @@ app.listen(3000);

    $ npm install -g express

- To install the 3.0 alpha:
- 
-    $ npm install -g express@3.0
-
 ## Quick Start

 The quickest way to get started with express is to utilize the executable `express(1)` to generate an application as shown below:
@@ -52,112 +53,59 @@ app.listen(3000);

 ## Philosophy

-  The Express philosophy is to provide small, robust tooling for HTTP servers. Making
+  The Express philosophy is to provide small, robust tooling for HTTP servers, making
  it a great solution for single page applications, web sites, hybrids, or public
  HTTP APIs.
-  
-  Built on Connect you can use _only_ what you need, and nothing more, applications
+
+  Built on Connect, you can use _only_ what you need, and nothing more. Applications
  can be as big or as small as you like, even a single file. Express does
  not force you to use any specific ORM or template engine. With support for over
-  14 template engines via [Consolidate.js](http://github.com/visionmedia/consolidate.js)
+  14 template engines via [Consolidate.js](http://github.com/visionmedia/consolidate.js),
  you can quickly craft your perfect framework.

 ## More Information

+  * [Website and Documentation](http://expressjs.com/) stored at [strongloop/expressjs.com](https://github.com/strongloop/expressjs.com)
  * Join #express on freenode
  * [Google Group](http://groups.google.com/group/express-js) for discussion
  * Follow [tjholowaychuk](http://twitter.com/tjholowaychuk) on twitter for updates
-  * Visit the [Wiki](http://github.com/visionmedia/express/wiki)
-  * [日本語ドキュメンテーション](http://hideyukisaito.com/doc/expressjs/) by [hideyukisaito](https://github.com/hideyukisaito)
-  * [Русскоязычная документация](http://express-js.ru/)
+  * Visit the [Wiki](http://github.com/strongloop/express/wiki)
+  * [Русскоязычная документация](http://jsman.ru/express/)
+  * Run express examples [online](https://runnable.com/express)

 ## Viewing Examples

-Clone the Express repo, then install the dev dependencies to install all the example / test suite deps:
+Clone the Express repo, then install the dev dependencies to install all the example / test suite dependencies:

-    $ git clone git://github.com/visionmedia/express.git --depth 1
+    $ git clone git://github.com/strongloop/express.git --depth 1
    $ cd express
    $ npm install

-then run whichever tests you want:
+Then run whichever tests you want:

    $ node examples/content-negotiation

+You can also view live examples here:
+
+<a href="https://runnable.com/express" target="_blank"><img src="https://runnable.com/external/styles/assets/runnablebtn.png" style="width:67px;height:25px;"></a>
+
 ## Running Tests

-To run the test suite first invoke the following command within the repo, installing the development dependencies:
+To run the test suite, first invoke the following command within the repo, installing the development dependencies:

    $ npm install

-then run the tests:
+Then run the tests:

-    $ make test
+```sh
+$ npm test
+```

 ## Contributors

-```
-project: express
-commits: 3559
-active : 468 days
-files  : 237
-authors: 
- 1891	Tj Holowaychuk          53.1%
- 1285	visionmedia             36.1%
-  182	TJ Holowaychuk          5.1%
-   54	Aaron Heckmann          1.5%
-   34	csausdev                1.0%
-   26	ciaranj                 0.7%
-   21	Robert Sköld          0.6%
-    6	Guillermo Rauch         0.2%
-    3	Dav Glass               0.1%
-    3	Nick Poulden            0.1%
-    2	Randy Merrill           0.1%
-    2	Benny Wong              0.1%
-    2	Hunter Loftis           0.1%
-    2	Jake Gordon             0.1%
-    2	Brian McKinney          0.1%
-    2	Roman Shtylman          0.1%
-    2	Ben Weaver              0.1%
-    2	Dave Hoover             0.1%
-    2	Eivind Fjeldstad        0.1%
-    2	Daniel Shaw             0.1%
-    1	Matt Colyer             0.0%
-    1	Pau Ramon               0.0%
-    1	Pero Pejovic            0.0%
-    1	Peter Rekdal Sunde      0.0%
-    1	Raynos                  0.0%
-    1	Teng Siong Ong          0.0%
-    1	Viktor Kelemen          0.0%
-    1	ctide                   0.0%
-    1	8bitDesigner            0.0%
-    1	isaacs                  0.0%
-    1	mgutz                   0.0%
-    1	pikeas                  0.0%
-    1	shuwatto                0.0%
-    1	tstrimple               0.0%
-    1	ewoudj                  0.0%
-    1	Adam Sanderson          0.0%
-    1	Andrii Kostenko         0.0%
-    1	Andy Hiew               0.0%
-    1	Arpad Borsos            0.0%
-    1	Ashwin Purohit          0.0%
-    1	Benjen                  0.0%
-    1	Darren Torpey           0.0%
-    1	Greg Ritter             0.0%
-    1	Gregory Ritter          0.0%
-    1	James Herdman           0.0%
-    1	Jim Snodgrass           0.0%
-    1	Joe McCann              0.0%
-    1	Jonathan Dumaine        0.0%
-    1	Jonathan Palardy        0.0%
-    1	Jonathan Zacsh          0.0%
-    1	Justin Lilly            0.0%
-    1	Ken Sato                0.0%
-    1	Maciej Małecki         0.0%
-    1	Masahiro Hayashi        0.0%
-```
+  https://github.com/strongloop/express/graphs/contributors

-## License 
+## License

 (The MIT License)

--- a/benchmarks/Makefile
+++ b/benchmarks/Makefile
@@ -0,0 +1,13 @@
+
+all:
+	@./run 1 middleware
+	@./run 5 middleware
+	@./run 10 middleware
+	@./run 15 middleware
+	@./run 20 middleware
+	@./run 30 middleware
+	@./run 50 middleware
+	@./run 100 middleware
+	@echo
+
+.PHONY: all
--- a/benchmarks/middleware.js
+++ b/benchmarks/middleware.js
@@ -0,0 +1,23 @@
+
+var http = require('http');
+var express = require('..');
+var app = express();
+
+// number of middleware
+
+var n = parseInt(process.env.MW || '1', 10);
+console.log('  %s middleware', n);
+
+while (n--) {
+  app.use(function(req, res, next){
+    next();
+  });
+}
+
+var body = new Buffer('Hello World');
+
+app.use(function(req, res, next){
+  res.send(body);
+});
+
+app.listen(3333);
--- a/benchmarks/run
+++ b/benchmarks/run
@@ -0,0 +1,16 @@
+#!/usr/bin/env bash
+
+echo
+MW=$1 node $2 &
+pid=$!
+
+sleep 2
+
+wrk 'http://localhost:3333/?foo[bar]=baz' \
+  -d 3 \
+  -c 50 \
+  -t 8 \
+  | grep 'Requests/sec' \
+  | awk '{ print "  " $2 }'
+
+kill $pid
--- a/bin/express
+++ b/bin/express
@@ -4,8 +4,7 @@
 * Module dependencies.
 */

-var exec = require('child_process').exec
-  , program = require('commander')
+var program = require('commander')
  , mkdirp = require('mkdirp')
  , pkg = require('../package.json')
  , version = pkg.version
@@ -16,6 +15,7 @@ var exec = require('child_process').exec

 program
  .version(version)
+  .usage('[options] [dir]')
  .option('-s, --sessions', 'add session support')
  .option('-e, --ejs', 'add ejs engine support (defaults to jade)')
  .option('-J, --jshtml', 'add jshtml engine support (defaults to jade)')
@@ -30,7 +30,7 @@ var path = program.args.shift() || '.';

 // end-of-line code

-var eol = 'win32' == os.platform() ? '\r\n' : '\n'
+var eol = os.EOL

 // Template engine

@@ -74,7 +74,7 @@ var users = [
 */

 var jadeLayout = [
-    'doctype 5'
+    'doctype html'
  , 'html'
  , '  head'
  , '    title= title'
@@ -208,35 +208,36 @@ var app = [
  , ' * Module dependencies.'
  , ' */'
  , ''
-  , 'var express = require(\'express\')'
-  , '  , routes = require(\'./routes\')'
-  , '  , user = require(\'./routes/user\')'
-  , '  , http = require(\'http\')'
-  , '  , path = require(\'path\');'
+  , 'var express = require(\'express\');'
+  , 'var routes = require(\'./routes\');'
+  , 'var user = require(\'./routes/user\');'
+  , 'var http = require(\'http\');'
+  , 'var path = require(\'path\');'
  , ''
  , 'var app = express();'
  , ''
-  , 'app.configure(function(){'
-  , '  app.set(\'port\', process.env.PORT || 3000);'
-  , '  app.set(\'views\', __dirname + \'/views\');'
-  , '  app.set(\'view engine\', \':TEMPLATE\');'
-  , '  app.use(express.favicon());'
-  , '  app.use(express.logger(\'dev\'));'
-  , '  app.use(express.bodyParser());'
-  , '  app.use(express.methodOverride());{sess}'
-  , '  app.use(app.router);{css}'
-  , '  app.use(express.static(path.join(__dirname, \'public\')));'
-  , '});'
+  , '// all environments'
+  , 'app.set(\'port\', process.env.PORT || 3000);'
+  , 'app.set(\'views\', path.join(__dirname, \'views\'));'
+  , 'app.set(\'view engine\', \':TEMPLATE\');'
+  , 'app.use(express.favicon());'
+  , 'app.use(express.logger(\'dev\'));'
+  , 'app.use(express.json());'
+  , 'app.use(express.urlencoded());'
+  , 'app.use(express.methodOverride());{sess}'
+  , 'app.use(app.router);{css}'
+  , 'app.use(express.static(path.join(__dirname, \'public\')));'
  , ''
-  , 'app.configure(\'development\', function(){'
+  , '// development only'
+  , 'if (\'development\' == app.get(\'env\')) {'
  , '  app.use(express.errorHandler());'
-  , '});'
+  , '}'
  , ''
  , 'app.get(\'/\', routes.index);'
  , 'app.get(\'/users\', user.list);'
  , ''
  , 'http.createServer(app).listen(app.get(\'port\'), function(){'
-  , '  console.log("Express server listening on port " + app.get(\'port\'));'
+  , '  console.log(\'Express server listening on port \' + app.get(\'port\'));'
  , '});'
  , ''
 ].join(eol);
@@ -323,10 +324,10 @@ function createApplicationAt(path) {
    // CSS Engine support
    switch (program.css) {
      case 'less':
-        app = app.replace('{css}', eol + '  app.use(require(\'less-middleware\')({ src: __dirname + \'/public\' }));');
+        app = app.replace('{css}', eol + 'app.use(require(\'less-middleware\')({ src: path.join(__dirname, \'public\') }));');
        break;
      case 'stylus':
-        app = app.replace('{css}', eol + '  app.use(require(\'stylus\').middleware(__dirname + \'/public\'));');
+        app = app.replace('{css}', eol + 'app.use(require(\'stylus\').middleware(path.join(__dirname, \'public\')));');
        break;
      default:
        app = app.replace('{css}', '');
@@ -334,7 +335,7 @@ function createApplicationAt(path) {

    // Session support
    app = app.replace('{sess}', program.sessions
-      ? eol + '  app.use(express.cookieParser(\'your secret here\'));' + eol + '  app.use(express.session());'
+      ? eol + 'app.use(express.session({ secret: \'your secret here\' }));'
      : '');

    // Template support
@@ -345,7 +346,7 @@ function createApplicationAt(path) {
        name: 'application-name'
      , version: '0.0.1'
      , private: true
-      , scripts: { start: 'node app' }
+      , scripts: { start: 'node app.js' }
      , dependencies: {
        express: version
      }
@@ -356,7 +357,7 @@ function createApplicationAt(path) {
    // CSS Engine support
    switch (program.css) {
      case 'less':
-        pkg.dependencies['less-middleware'] = '*';
+        pkg.dependencies['less-middleware'] = '~0.1.15';
        break;
      default:
        if (program.css) {
--- a/client.js
+++ b/client.js
@@ -1,25 +0,0 @@
-
-var http = require('http');
-
-var times = 50;
-
-while (times--) {
-  var req = http.request({
-      port: 3000
-    , method: 'POST'
-    , headers: { 'Content-Type': 'application/x-www-form-urlencoded' }
-  });
-
-  req.on('response', function(res){
-    console.log(res.statusCode);
-  });
-
-  var n = 500000;
-  while (n--) {
-    req.write('foo=bar&bar=baz&');
-  }
-
-  req.write('foo=bar&bar=baz');
-
-  req.end();
-}
--- a/examples/auth/app.js
+++ b/examples/auth/app.js
@@ -14,9 +14,8 @@ app.set('views', __dirname + '/views');

 // middleware

-app.use(express.bodyParser());
-app.use(express.cookieParser('shhhh, very secret'));
-app.use(express.session());
+app.use(express.urlencoded({ extended: false }));
+app.use(express.session({ secret: 'shhhh, very secret' }));

 // Session-persisted message middleware

@@ -118,6 +117,7 @@ app.post('/login', function(req, res){
  });
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
--- a/examples/auth/pass.js
+++ b/examples/auth/pass.js
@@ -31,7 +31,9 @@ var iterations = 12000;

 exports.hash = function (pwd, salt, fn) {
  if (3 == arguments.length) {
-    crypto.pbkdf2(pwd, salt, iterations, len, fn);
+    crypto.pbkdf2(pwd, salt, iterations, len, function(err, hash){
+      fn(err, hash.toString('base64'));
+    });
  } else {
    fn = salt;
    crypto.randomBytes(len, function(err, salt){
@@ -39,7 +41,7 @@ exports.hash = function (pwd, salt, fn) {
      salt = salt.toString('base64');
      crypto.pbkdf2(pwd, salt, iterations, len, function(err, hash){
        if (err) return fn(err);
-        fn(null, salt, hash);
+        fn(null, salt, hash.toString('base64'));
      });
    });
  }
--- a/examples/big-view/index.js
+++ b/examples/big-view/index.js
@@ -20,5 +20,8 @@ app.get('/', function(req, res){
  res.render('pets', { pets: pets });
 });

-app.listen(3000);
-console.log('Express listening on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/big-view/pets.jade
+++ b/examples/big-view/pets.jade
@@ -1,4 +1,4 @@
-style
+style.
  body {
    padding: 50px;
    font: 16px "Helvetica Neue", Helvetica;
--- a/examples/content-negotiation/index.js
+++ b/examples/content-negotiation/index.js
@@ -1,8 +1,9 @@
-
 var express = require('../../')
  , app = module.exports = express()
  , users = require('./db');

+// so either you can deal with different types of formatting 
+// for expected response in index.js
 app.get('/', function(req, res){
  res.format({
    html: function(){
@@ -24,10 +25,11 @@ app.get('/', function(req, res){
 });

 // or you could write a tiny middleware like
-// this to abstract make things a bit more declarative:
+// this to add a layer of abstraction
+// and make things a bit more declarative:

-function format(mod) {
-  var obj = require(mod);
+function format(path) {
+  var obj = require(path);
  return function(req, res){
    res.format(obj);
  }
@@ -35,7 +37,8 @@ function format(mod) {

 app.get('/users', format('./users'));

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
-  console.log('listening on port 3000');
-}
+  console.log('Express started on port 3000');
+}
--- a/examples/cookie-sessions/index.js
+++ b/examples/cookie-sessions/index.js
@@ -26,7 +26,8 @@ function count(req, res) {
  res.send('viewed ' + n + ' times\n');
 }

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
-  console.log('Express server listening on port 3000');
-}
+  console.log('Express started on port 3000');
+}
--- a/examples/cookies/app.js
+++ b/examples/cookies/app.js
@@ -15,8 +15,7 @@ var express = require('../../')
 app.use(express.favicon());

 // custom log format
-if ('test' != process.env.NODE_ENV)
-  app.use(express.logger(':method :url'));
+if ('test' != process.env.NODE_ENV) app.use(express.logger(':method :url'));

 // parses request cookies, populating
 // req.cookies and req.signedCookies
@@ -48,7 +47,8 @@ app.post('/', function(req, res){
  res.redirect('back');
 });

-if (!module.parent){
+/* istanbul ignore next */
+if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
--- a/examples/cors/index.js
+++ b/examples/cors/index.js
@@ -1,4 +1,3 @@
-
 /**
 * Module dependencies.
 */
@@ -21,11 +20,13 @@ api.use(express.bodyParser());
 */

 api.all('*', function(req, res, next){
+  if (!req.get('Origin')) return next();
  // use "*" here to accept any origin
  res.set('Access-Control-Allow-Origin', 'http://localhost:3000');
  res.set('Access-Control-Allow-Methods', 'GET, POST');
  res.set('Access-Control-Allow-Headers', 'X-Requested-With, Content-Type');
  // res.set('Access-Control-Allow-Max-Age', 3600);
+  if ('OPTIONS' == req.method) return res.send(200);
  next();
 });

--- a/examples/downloads/app.js
+++ b/examples/downloads/app.js
@@ -38,7 +38,8 @@ app.use(function(err, req, res, next){
  }
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
--- a/examples/ejs/index.js
+++ b/examples/ejs/index.js
@@ -44,7 +44,8 @@ app.get('/', function(req, res){
  });
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
-  console.log('Express app started on port 3000');
+  console.log('Express started on port 3000');
 }
--- a/examples/error-pages/index.js
+++ b/examples/error-pages/index.js
@@ -17,9 +17,7 @@ app.enable('verbose errors');

 // disable them in production
 // use $ NODE_ENV=production node examples/error-pages
-if ('production' == app.settings.env) {
-  app.disable('verbose errors');
-}
+if ('production' == app.settings.env) app.disable('verbose errors');

 app.use(express.favicon());

@@ -106,7 +104,8 @@ app.get('/500', function(req, res, next){
  next(new Error('keyboard cat!'));
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
-  silent || console.log('Express started on port 3000');
-}
+  console.log('Express started on port 3000');
+}
--- a/examples/error/index.js
+++ b/examples/error/index.js
@@ -42,7 +42,8 @@ app.get('/next', function(req, res, next){
  });
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
--- a/examples/expose-data-to-client/index.js
+++ b/examples/expose-data-to-client/index.js
@@ -56,5 +56,8 @@ app.get('/user', function(req, res){
  res.render('page');
 });

-app.listen(3000);
-console.log('app listening on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/expose-data-to-client/views/page.jade
+++ b/examples/expose-data-to-client/views/page.jade
@@ -1,7 +1,7 @@
 html
  head
    title Express
-    script
+    script.
      // call this whatever you like,
      // or dump them into individual
      // props like "var user ="
@@ -10,5 +10,5 @@ html
    h1 Expose client data
    p The following was exposed to the client:
    pre
-      script
+      script.
        document.write(JSON.stringify(data, null, 2))
--- a/examples/hello-world/index.js
+++ b/examples/hello-world/index.js
@@ -7,5 +7,8 @@ app.get('/', function(req, res){
  res.send('Hello World');
 });

-app.listen(3000);
-console.log('Express started on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/jade/index.js
+++ b/examples/jade/index.js
@@ -41,5 +41,8 @@ app.get('/', function(req, res){
  res.render('users', { users: users });
 });

-app.listen(3000);
-console.log('Express app started on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/jade/views/layout.jade
+++ b/examples/jade/views/layout.jade
@@ -1,5 +1,5 @@
-!!! 5
+doctype html
 html
  include header
  body
-    block content
+    block content
--- a/examples/markdown/index.js
+++ b/examples/markdown/index.js
@@ -3,9 +3,9 @@
 * Module dependencies.
 */

-var express = require('../../')
+var express = require('../..')
  , fs = require('fs')
-  , md = require('github-flavored-markdown').parse;
+  , md = require('marked').parse;

 var app = module.exports = express();

@@ -39,7 +39,8 @@ app.get('/fail', function(req, res){
  res.render('missing', { title: 'Markdown Example' });
 })

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
--- a/examples/multipart/index.js
+++ b/examples/multipart/index.js
@@ -30,7 +30,8 @@ app.post('/', function(req, res, next){
    , req.body.title));
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
--- a/examples/mvc/controllers/pet/index.js
+++ b/examples/mvc/controllers/pet/index.js
@@ -20,7 +20,7 @@ exports.edit = function(req, res, next){

 exports.update = function(req, res, next){
  var body = req.body;
-  req.pet.name = body.user.name;
+  req.pet.name = body.pet.name;
  res.message('Information updated!');
  res.redirect('/pet/' + req.pet.id);
 };
--- a/examples/mvc/index.js
+++ b/examples/mvc/index.js
@@ -1,4 +1,3 @@
-
 var express = require('../..');

 var app = module.exports = express();
@@ -32,11 +31,10 @@ if (!module.parent) app.use(express.logger('dev'));
 app.use(express.static(__dirname + '/public'));

 // session support
-app.use(express.cookieParser('some secret here'));
-app.use(express.session());
+app.use(express.session({ secret: 'some secret here' }));

 // parse request bodies (req.body)
-app.use(express.bodyParser());
+app.use(express.urlencoded({ extended: true }));

 // support _method (PUT in forms etc)
 app.use(express.methodOverride());
@@ -58,10 +56,10 @@ app.use(function(req, res, next){
   });
  */

+  next();
  // empty or "flush" the messages so they
  // don't build up
  req.session.messages = [];
-  next();
 });

 // load controllers
@@ -87,7 +85,8 @@ app.use(function(req, res, next){
  res.status(404).render('404', { url: req.originalUrl });
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
-  console.log('\n  listening on port 3000\n');
-}
+  console.log('Express started on port 3000');
+}
--- a/examples/online/index.js
+++ b/examples/online/index.js
@@ -50,5 +50,8 @@ app.get('/', function(req, res, next){
  });
 });

-app.listen(3000);
-console.log('listening on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/params/app.js
+++ b/examples/params/app.js
@@ -19,8 +19,8 @@ var users = [
 // Convert :to and :from to integers

 app.param(['to', 'from'], function(req, res, next, num, name){ 
-  req.params[name] = num = parseInt(num, 10);
-  if( isNaN(num) ){
+  req.params[name] = parseInt(num, 10);
+  if( isNaN(req.params[name]) ){
    next(new Error('failed to parseInt '+num));
  } else {
    next();
@@ -64,7 +64,8 @@ app.get('/users/:from-:to', function(req, res, next){
  res.send('users ' + names.slice(from, to).join(', '));
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
--- a/examples/resource/app.js
+++ b/examples/resource/app.js
@@ -18,7 +18,10 @@ app.resource = function(path, obj) {
    obj.range(req, res, a, b, format);
  });
  this.get(path + '/:id', obj.show);
-  this.del(path + '/:id', obj.destroy);
+  this.delete(path + '/:id', function(req, res){
+    var id = parseInt(req.params.id, 10);
+    obj.destroy(req, res, id);
+  });
 };

 // Fake records
@@ -41,8 +44,7 @@ var User = {
  show: function(req, res){
    res.send(users[req.params.id] || { error: 'Cannot find user' });
  },
-  destroy: function(req, res){
-    var id = req.params.id;
+  destroy: function(req, res, id){
    var destroyed = id in users;
    delete users[id];
    res.send(destroyed ? 'destroyed' : 'Cannot find user');
@@ -85,7 +87,8 @@ app.get('/', function(req, res){
  ].join('\n')); 
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
--- a/examples/route-map/index.js
+++ b/examples/route-map/index.js
@@ -29,7 +29,7 @@ var users = {
    res.send('user ' + req.params.uid);
  },

-  del: function(req, res){
+  delete: function(req, res){
    res.send('delete users');
  }
 };
@@ -39,7 +39,7 @@ var pets = {
    res.send('user ' + req.params.uid + '\'s pets');
  },

-  del: function(req, res){
+  delete: function(req, res){
    res.send('delete ' + req.params.uid + '\'s pet ' + req.params.pid);
  }
 };
@@ -47,17 +47,21 @@ var pets = {
 app.map({
  '/users': {
    get: users.list,
-    del: users.del,
+    delete: users.delete,
    '/:uid': {
      get: users.get,
      '/pets': {
        get: pets.list,
        '/:pid': {
-          del: pets.del
+          delete: pets.delete
        }
      }
    }
  }
 });

-app.listen(3000);
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/route-middleware/index.js
+++ b/examples/route-middleware/index.js
@@ -77,9 +77,12 @@ app.get('/user/:id/edit', loadUser, andRestrictToSelf, function(req, res){
  res.send('Editing user ' + req.user.name);
 });

-app.del('/user/:id', loadUser, andRestrictTo('admin'), function(req, res){
+app.delete('/user/:id', loadUser, andRestrictTo('admin'), function(req, res){
  res.send('Deleted user ' + req.user.name);
 });

-app.listen(3000);
-console.log('Express app started on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/route-separation/index.js
+++ b/examples/route-separation/index.js
@@ -36,5 +36,8 @@ app.put('/user/:id/edit', user.update);

 app.get('/posts', post.list);

-app.listen(3000);
-console.log('Express app started on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/search/index.js
+++ b/examples/search/index.js
@@ -57,5 +57,8 @@ app.get('/client.js', function(req, res){
  res.sendfile(__dirname + '/client.js');
 });

-app.listen(3000);
-console.log('app listening on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/search/search.jade
+++ b/examples/search/search.jade
@@ -2,7 +2,7 @@
 html
  head
    title Search example
-    style
+    style.
      body {
        font: 14px "Helvetica Neue", Helvetica;
        padding: 50px;
--- a/examples/session/index.js
+++ b/examples/session/index.js
@@ -9,13 +9,8 @@ var app = express();

 app.use(express.logger('dev'));

-// Required by session() middleware
-// pass the secret for signed cookies
-// (required by session())
-app.use(express.cookieParser('keyboard cat'));
-
 // Populates req.session
-app.use(express.session());
+app.use(express.session({ secret: 'keyboard cat' }));

 app.get('/', function(req, res){
  var body = '';
@@ -28,5 +23,8 @@ app.get('/', function(req, res){
  res.send(body + '<p>viewed <strong>' + req.session.views + '</strong> times.</p>');
 });

-app.listen(3000);
-console.log('Express app started on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/session/redis.js
+++ b/examples/session/redis.js
@@ -10,13 +10,8 @@ var app = express();

 app.use(express.logger('dev'));

-// Required by session() middleware
-// pass the secret for signed cookies
-// (required by session())
-app.use(express.cookieParser('keyboard cat'));
-
 // Populates req.session
-app.use(express.session({ store: new RedisStore }));
+app.use(express.session({ store: new RedisStore, secret: 'keyboard cat' }));

 app.get('/', function(req, res){
  var body = '';
--- a/examples/vhost/index.js
+++ b/examples/vhost/index.js
@@ -1,32 +1,29 @@
-
 /**
 * Module dependencies.
 */

 var express = require('../..');

-// Edit /etc/vhosts
+/*
+edit /etc/hosts:

-// First app
+127.0.0.1       foo.example.com
+127.0.0.1       bar.example.com
+127.0.0.1       example.com
+*/

-var one = express();
+// Main server app

-one.use(express.logger());
+var main = express();

-one.get('/', function(req, res){
-  res.send('Hello from app one!')
+main.use(express.logger('dev'));
+
+main.get('/', function(req, res){
+  res.send('Hello from main app!')
 });

-one.get('/:sub', function(req, res){
-  res.send('requsted ' + req.params.sub);
-});
-
-// App two
-
-var two = express();
-
-two.get('/', function(req, res){
-  res.send('Hello from app two!')
+main.get('/:sub', function(req, res){
+  res.send('requested ' + req.params.sub);
 });

 // Redirect app
@@ -35,16 +32,18 @@ var redirect = express();

 redirect.all('*', function(req, res){
  console.log(req.subdomains);
-  res.redirect('http://localhost:3000/' + req.subdomains[0]);
+  res.redirect('http://example.com:3000/' + req.subdomains[0]);
 });

-// Main app
+// Vhost app

 var app = express();

-app.use(express.vhost('*.localhost', redirect))
-app.use(express.vhost('localhost', one));
-app.use(express.vhost('dev', two));
+app.use(express.vhost('*.example.com', redirect)) // Serves all subdomains via Redirect app
+app.use(express.vhost('example.com', main)); // Serves top level domain via Main server app 

-app.listen(3000);
-console.log('Express app started on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/view-constructor/github-view.js
+++ b/examples/view-constructor/github-view.js
@@ -0,0 +1,52 @@
+
+/**
+ * Module dependencies.
+ */
+
+var http = require('http')
+  , path = require('path')
+  , extname = path.extname
+
+/**
+ * Expose `GithubView`.
+ */
+
+module.exports = GithubView;
+
+/**
+ * Custom view that fetches and renders
+ * remove github templates. You could
+ * render templates from a database etc.
+ */
+
+function GithubView(name, options){
+  this.name = name;
+  options = options || {};
+  this.engine = options.engines[extname(name)];
+  // "root" is the app.set('views') setting, however
+  // in your own implementation you could ignore this
+  this.path = '/' + options.root + '/master/' + name;
+}
+
+/**
+ * Render the view.
+ */
+
+GithubView.prototype.render = function(options, fn){
+  var self = this;
+  var opts = {
+    host: 'raw.githubusercontent.com',
+    port: 443,
+    path: this.path,
+    method: 'GET'
+  };
+
+  https.request(opts, function(res) {
+    var buf = '';
+    res.setEncoding('utf8');
+    res.on('data', function(str){ buf += str });
+    res.on('end', function(){
+      self.engine(buf, options, fn);
+    });
+  }).end();
+};
--- a/examples/view-constructor/index.js
+++ b/examples/view-constructor/index.js
@@ -0,0 +1,48 @@
+
+/**
+ * Module dependencies.
+ */
+
+var express = require('../../')
+  , http = require('http')
+  , GithubView = require('./github-view')
+  , md = require('marked').parse;
+
+var app = module.exports = express();
+
+// register .md as an engine in express view system
+app.engine('md', function(str, options, fn){
+  try {
+    var html = md(str);
+    html = html.replace(/\{([^}]+)\}/g, function(_, name){
+      return options[name] || '';
+    })
+    fn(null, html);
+  } catch(err) {
+    fn(err);
+  }
+})
+
+// pointing to a particular github repo to load files from it
+app.set('views', 'strongloop/express');
+
+// register a new view constructor
+app.set('view', GithubView);
+
+app.get('/', function(req, res){
+  // rendering a view relative to the repo.
+  // app.locals, res.locals, and locals passed
+  // work like they normally would
+  res.render('examples/markdown/views/index.md', { title: 'Example' });
+})
+
+app.get('/Readme.md', function(req, res){
+  // rendering a view from https://github.com/strongloop/express/blob/master/Readme.md
+  res.render('Readme.md');
+})
+
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/view-locals/index.js
+++ b/examples/view-locals/index.js
@@ -142,5 +142,8 @@ app.all('/api/*', function(req, res, next){

 */

-app.listen(3000);
-console.log('Application listening on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/view-locals/layout.jade
+++ b/examples/view-locals/layout.jade
@@ -1,8 +1,8 @@
-doctype 5
+doctype html
 html
  head
    title= title
-    style
+    style.
      body {
        padding: 50px;
        font: 16px Helvetica, Arial;
--- a/examples/web-service/index.js
+++ b/examples/web-service/index.js
@@ -73,7 +73,7 @@ var apiKeys = ['foo', 'bar', 'baz'];
 // these two objects will serve as our faux database

 var repos = [
-    { name: 'express', url: 'http://github.com/visionmedia/express' }
+    { name: 'express', url: 'http://github.com/strongloop/express' }
  , { name: 'stylus', url: 'http://github.com/learnboost/stylus' }
  , { name: 'cluster', url: 'http://github.com/learnboost/cluster' }
 ];
@@ -109,7 +109,8 @@ app.get('/api/user/:name/repos', function(req, res, next){
  else next();
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
-  console.log('Express server listening on port 3000');
-}
+  console.log('Express started on port 3000');
+}
--- a/index.js
+++ b/index.js
@@ -1,4 +1,2 @@

-module.exports = process.env.EXPRESS_COV
-  ? require('./lib-cov/express')
-  : require('./lib/express');
+module.exports = require('./lib/express');
--- a/lib/application.js
+++ b/lib/application.js
@@ -8,13 +8,12 @@ var connect = require('connect')
  , middleware = require('./middleware')
  , debug = require('debug')('express:application')
  , locals = require('./utils').locals
+  , compileETag = require('./utils').compileETag
+  , compileTrust = require('./utils').compileTrust
  , View = require('./view')
-  , url = require('url')
  , utils = connect.utils
-  , path = require('path')
-  , http = require('http')
-  , join = path.join
-  , fs = require('fs');
+  , http = require('http');
+var deprecate = require('depd')('express');

 /**
 * Application prototype.
@@ -33,11 +32,9 @@ var app = exports = module.exports = {};
 */

 app.init = function(){
-  var self = this;
  this.cache = {};
  this.settings = {};
  this.engines = {};
-  this.viewCallbacks = [];
  this.defaultConfiguration();
 };

@@ -48,12 +45,15 @@ app.init = function(){
 */

 app.defaultConfiguration = function(){
-  var self = this;
-
  // default settings
  this.enable('x-powered-by');
-  this.set('env', process.env.NODE_ENV || 'development');
-  debug('booting in %s mode', this.get('env'));
+  this.set('etag', 'weak');
+  var env = process.env.NODE_ENV || 'development';
+  this.set('env', env);
+  this.set('subdomain offset', 2);
+  this.set('trust proxy', false);
+
+  debug('booting in %s mode', env);

  // implicit middleware
  this.use(connect.query());
@@ -64,6 +64,7 @@ app.defaultConfiguration = function(){
    this.request.__proto__ = parent.request;
    this.response.__proto__ = parent.response;
    this.engines.__proto__ = parent.engines;
+    this.settings.__proto__ = parent.settings;
  });

  // router
@@ -83,16 +84,17 @@ app.defaultConfiguration = function(){
  this.locals.settings = this.settings;

  // default configuration
+  this.set('view', View);
  this.set('views', process.cwd() + '/views');
  this.set('jsonp callback name', 'callback');

-  this.configure('development', function(){
+  if (env === 'development') {
    this.set('json spaces', 2);
-  });
+  }

-  this.configure('production', function(){
+  if (env === 'production') {
    this.enable('view cache');
-  });
+  }
 };

 /**
@@ -106,7 +108,7 @@ app.defaultConfiguration = function(){
 */

 app.use = function(route, fn){
-  var app, home, handle;
+  var app;

  // default route to '/'
  if ('string' != typeof route) fn = route, route = '/';
@@ -120,7 +122,6 @@ app.use = function(route, fn){
    fn = function(req, res, next) {
      var orig = req.app;
      app.handle(req, res, function(err){
-        req.app = res.app = orig;
        req.__proto__ = orig.request;
        res.__proto__ = orig.response;
        next(err);
@@ -165,7 +166,7 @@ app.use = function(route, fn){
 * [Consolidate.js](https://github.com/visionmedia/consolidate.js)
 * library was created to map all of node's popular template
 * engines to follow this convention, thus allowing them to
- * work seemlessly within Express.
+ * work seamlessly within Express.
 *
 * @param {String} ext
 * @param {Function} fn
@@ -188,7 +189,7 @@ app.engine = function(ext, fn){
 * could automatically load a user's information from the database without
 * any additional code,
 *
- * The callback uses the samesignature as middleware, the only differencing
+ * The callback uses the same signature as middleware, the only difference
 * being that the value of the placeholder is passed, in this case the _id_
 * of the user. Once the `next()` function is invoked, just like middleware
 * it will continue on to execute the route, or subsequent parameter functions.
@@ -247,22 +248,33 @@ app.param = function(name, fn){
 * Mounted servers inherit their parent server's settings.
 *
 * @param {String} setting
- * @param {String} val
+ * @param {*} [val]
 * @return {Server} for chaining
 * @api public
 */

 app.set = function(setting, val){
-  if (1 == arguments.length) {
-    if (this.settings.hasOwnProperty(setting)) {
-      return this.settings[setting];
-    } else if (this.parent) {
-      return this.parent.set(setting);
-    }
-  } else {
-    this.settings[setting] = val;
-    return this;
+  if (arguments.length === 1) {
+    // app.get(setting)
+    return this.settings[setting];
  }
+
+  // set value
+  this.settings[setting] = val;
+
+  // trigger matched settings
+  switch (setting) {
+    case 'etag':
+      debug('compile etag %s', val);
+      this.set('etag fn', compileETag(val));
+      break;
+    case 'trust proxy':
+      debug('compile trust proxy %s', val);
+      this.set('trust proxy fn', compileTrust(val));
+      break;
+  }
+
+  return this;
 };

 /**
@@ -401,17 +413,24 @@ app.configure = function(env, fn){
  return this;
 };

+app.configure = deprecate.function(app.configure,
+  'app.configure: Check app.get(\'env\') in an if statement');
+
 /**
- * Delegate `.VERB(...)` calls to `.route(VERB, ...)`.
+ * Delegate `.VERB(...)` calls to `router.VERB(...)`.
 */

 methods.forEach(function(method){
  app[method] = function(path){
-    if ('get' == method && 1 == arguments.length) return this.set(path); 
-    var args = [method].concat([].slice.call(arguments));
+    if ('get' == method && 1 == arguments.length) return this.set(path);
+
+    // if no router attached yet, attach the router
    if (!this._usedRouter) this.use(this.router);
-    return this._router.route.apply(this._router, args);
-  }
+
+    // setup route
+    this._router[method].apply(this._router, arguments);
+    return this;
+  };
 });

 /**
@@ -434,7 +453,7 @@ app.all = function(path){

 // del -> delete alias

-app.del = app.delete;
+app.del = deprecate.function(app.delete, 'app.del: Use app.delete instead');

 /**
 * Render the given view `name` name with `options`
@@ -454,8 +473,7 @@ app.del = app.delete;
 */

 app.render = function(name, options, fn){
-  var self = this
-    , opts = {}
+  var opts = {}
    , cache = this.cache
    , engines = this.engines
    , view;
@@ -484,14 +502,14 @@ app.render = function(name, options, fn){

  // view
  if (!view) {
-    view = new View(name, {
+    view = new (this.get('view'))(name, {
      defaultEngine: this.get('view engine'),
      root: this.get('views'),
      engines: engines
    });

    if (!view.path) {
-      var err = new Error('Failed to lookup view "' + name + '"');
+      var err = new Error('Failed to lookup view "' + name + '" in views directory "' + view.root + '"');
      err.view = view;
      return fn(err);
    }
--- a/lib/express.js
+++ b/lib/express.js
@@ -2,6 +2,8 @@
 * Module dependencies.
 */

+var deprecate = require('depd')('express');
+var merge = require('merge-descriptors');
 var connect = require('connect')
  , proto = require('./application')
  , Route = require('./router/route')
@@ -16,12 +18,6 @@ var connect = require('connect')

 exports = module.exports = createApplication;

-/**
- * Framework version.
- */
-
-exports.version = '3.0.0';
-
 /**
 * Expose mime.
 */
@@ -38,38 +34,32 @@ exports.mime = connect.mime;
 function createApplication() {
  var app = connect();
  utils.merge(app, proto);
-  app.request = { __proto__: req };
-  app.response = { __proto__: res };
+  app.request = { __proto__: req, app: app };
+  app.response = { __proto__: res, app: app };
  app.init();
  return app;
 }

 /**
 * Expose connect.middleware as express.*
- * for example `express.logger` etc. 
+ * for example `express.logger` etc.
 */

-for (var key in connect.middleware) {
-  Object.defineProperty(
-      exports
-    , key
-    , Object.getOwnPropertyDescriptor(connect.middleware, key));
-}
+merge(exports, connect.middleware);

 /**
- * Error on createServer().
+ * Deprecated createServer().
 */

-exports.createServer = function(){
-  console.warn('Warning: express.createServer() is deprecated, express');
-  console.warn('applications no longer inherit from http.Server,');
-  console.warn('please use:');
-  console.warn('');
-  console.warn('  var express = require("express");');
-  console.warn('  var app = express();');
-  console.warn('');
-  return createApplication();
-};
+exports.createServer = deprecate.function(createApplication,
+  'createServer() is deprecated\n' +
+  'express applications no longer inherit from http.Server\n' +
+  'please use:\n' +
+  '\n' +
+  '  var express = require("express");\n' +
+  '  var app = express();\n' +
+  '\n'
+);

 /**
 * Expose the prototypes.
--- a/lib/middleware.js
+++ b/lib/middleware.js
@@ -17,8 +17,7 @@ var utils = require('./utils');

 exports.init = function(app){
  return function expressInit(req, res, next){
-    req.app = res.app = app;
-    if (app.settings['x-powered-by']) res.setHeader('X-Powered-By', 'Express');
+    if (app.enabled('x-powered-by')) res.setHeader('X-Powered-By', 'Express');
    req.res = res;
    res.req = req;
    req.next = next;
--- a/lib/request.js
+++ b/lib/request.js
@@ -3,13 +3,17 @@
 * Module dependencies.
 */

+var auth = require('basic-auth');
+var deprecate = require('depd')('express');
 var http = require('http')
  , utils = require('./utils')
  , connect = require('connect')
  , fresh = require('fresh')
  , parseRange = require('range-parser')
-  , parse = connect.utils.parseUrl
+  , parse = require('parseurl')
+  , proxyaddr = require('proxy-addr')
  , mime = connect.mime;
+var isIP = require('net').isIP;

 /**
 * Request prototype.
@@ -29,21 +33,21 @@ var req = exports = module.exports = {
 *
 *     req.get('Content-Type');
 *     // => "text/plain"
- *     
+ *
 *     req.get('content-type');
 *     // => "text/plain"
- *     
+ *
 *     req.get('Something');
 *     // => undefined
 *
 * Aliased as `req.header()`.
 *
 * @param {String} name
- * @return {String} 
+ * @return {String}
 * @api public
 */

-req.get = 
+req.get =
 req.header = function(name){
  switch (name = name.toLowerCase()) {
    case 'referer':
@@ -63,11 +67,12 @@ req.header = function(name){
 * The `type` value may be a single mime type string
 * such as "application/json", the extension name
 * such as "json", a comma-delimted list such as "json, html, text/plain",
+ * an argument list such as `"json", "html", "text/plain"`,
 * or an array `["json", "html", "text/plain"]`. When a list
 * or array is given the _best_ match, if any is returned.
 *
 * Examples:
- * 
+ *
 *     // Accept: text/html
 *     req.accepts('html');
 *     // => "html"
@@ -89,6 +94,7 @@ req.header = function(name){
 *
 *     // Accept: text/*;q=.5, application/json
 *     req.accepts(['html', 'json']);
+ *     req.accepts('html', 'json');
 *     req.accepts('html, json');
 *     // => "json"
 *
@@ -98,7 +104,20 @@ req.header = function(name){
 */

 req.accepts = function(type){
-  return utils.accepts(type, this.get('Accept'));
+  var args = arguments.length > 1 ? [].slice.apply(arguments) : type;
+  return utils.accepts(args, this.get('Accept'));
+};
+
+/**
+ * Check if the given `encoding` is accepted.
+ *
+ * @param {String} encoding
+ * @return {Boolean}
+ * @api public
+ */
+
+req.acceptsEncoding = function(encoding){
+  return !! ~this.acceptedEncodings.indexOf(encoding);
 };

 /**
@@ -113,7 +132,7 @@ req.accepts = function(type){
 req.acceptsCharset = function(charset){
  var accepted = this.acceptedCharsets;
  return accepted.length
-    ? ~accepted.indexOf(charset)
+    ? !! ~accepted.indexOf(charset)
    : true;
 };

@@ -129,7 +148,7 @@ req.acceptsCharset = function(charset){
 req.acceptsLanguage = function(lang){
  var accepted = this.acceptedLanguages;
  return accepted.length
-    ? ~accepted.indexOf(lang)
+    ? !! ~accepted.indexOf(lang)
    : true;
 };

@@ -159,6 +178,24 @@ req.range = function(size){
  return parseRange(size, range);
 };

+/**
+ * Return an array of encodings.
+ *
+ * Examples:
+ *
+ *     ['gzip', 'deflate']
+ *
+ * @return {Array}
+ * @api public
+ */
+
+req.__defineGetter__('acceptedEncodings', function(){
+  var accept = this.get('Accept-Encoding');
+  return accept
+    ? accept.trim().split(/ *, */)
+    : [];
+});
+
 /**
 * Return an array of Accepted media types
 * ordered from highest quality to lowest.
@@ -202,7 +239,7 @@ req.__defineGetter__('acceptedLanguages', function(){
  var accept = this.get('Accept-Language');
  return accept
    ? utils
-      .parseQuality(accept)
+      .parseParams(accept)
      .map(function(obj){
        return obj.value;
      })
@@ -226,7 +263,7 @@ req.__defineGetter__('acceptedCharsets', function(){
  var accept = this.get('Accept-Charset');
  return accept
    ? utils
-      .parseQuality(accept)
+      .parseParams(accept)
      .map(function(obj){
        return obj.value;
      })
@@ -245,7 +282,7 @@ req.__defineGetter__('acceptedCharsets', function(){
 * the `connect.bodyParser()` middleware.
 *
 * @param {String} name
- * @param {Mixed} defaultValue
+ * @param {Mixed} [defaultValue]
 * @return {String}
 * @api public
 */
@@ -261,7 +298,7 @@ req.param = function(name, defaultValue){
 };

 /**
- * Check if the incoming request contains the "Content-Type" 
+ * Check if the incoming request contains the "Content-Type"
 * header field, and it contains the give mime `type`.
 *
 * Examples:
@@ -271,16 +308,16 @@ req.param = function(name, defaultValue){
 *      req.is('text/html');
 *      req.is('text/*');
 *      // => true
- *     
+ *
 *      // When Content-Type is application/json
 *      req.is('json');
 *      req.is('application/json');
 *      req.is('application/*');
 *      // => true
- *     
+ *
 *      req.is('html');
 *      // => false
- * 
+ *
 * @param {String} type
 * @return {Boolean}
 * @api public
@@ -303,23 +340,32 @@ req.is = function(type){

 /**
 * Return the protocol string "http" or "https"
- * when requested with TLS. When the "trust proxy" 
- * setting is enabled the "X-Forwarded-Proto" header
- * field will be trusted. If you're running behind
- * a reverse proxy that supplies https for you this
- * may be enabled.
+ * when requested with TLS. When the "trust proxy"
+ * setting trusts the socket address, the
+ * "X-Forwarded-Proto" header field will be trusted
+ * and used if present.
+ *
+ * If you're running behind a reverse proxy that
+ * supplies https for you this may be enabled.
 *
 * @return {String}
 * @api public
 */

 req.__defineGetter__('protocol', function(){
-  var trustProxy = this.app.get('trust proxy');
-  return this.connection.encrypted
+  var proto = this.connection.encrypted
    ? 'https'
-    : trustProxy
-      ? (this.get('X-Forwarded-Proto') || 'http')
-      : 'http';
+    : 'http';
+  var trust = this.app.get('trust proxy fn');
+
+  if (!trust(this.connection.remoteAddress)) {
+    return proto;
+  }
+
+  // Note: X-Forwarded-Proto is normally only ever a
+  //       single value, but this is to be safe.
+  proto = this.get('X-Forwarded-Proto') || proto;
+  return proto.split(/\s*,\s*/)[0];
 });

 /**
@@ -336,36 +382,36 @@ req.__defineGetter__('secure', function(){
 });

 /**
- * Return the remote address, or when
- * "trust proxy" is `true` return
- * the upstream addr.
+ * Return the remote address from the trusted proxy.
+ *
+ * The is the remote address on the socket unless
+ * "trust proxy" is set.
 *
 * @return {String}
 * @api public
 */

 req.__defineGetter__('ip', function(){
-  return this.ips[0] || this.connection.remoteAddress;
+  var trust = this.app.get('trust proxy fn');
+  return proxyaddr(this, trust);
 });

 /**
- * When "trust proxy" is `true`, parse
- * the "X-Forwarded-For" ip address list.
+ * When "trust proxy" is set, trusted proxy addresses + client.
 *
 * For example if the value were "client, proxy1, proxy2"
 * you would receive the array `["client", "proxy1", "proxy2"]`
- * where "proxy2" is the furthest down-stream.
+ * where "proxy2" is the furthest down-stream and "proxy1" and
+ * "proxy2" were trusted.
 *
 * @return {Array}
 * @api public
 */

 req.__defineGetter__('ips', function(){
-  var trustProxy = this.app.get('trust proxy');
-  var val = this.get('X-Forwarded-For');
-  return trustProxy && val
-    ? val.split(/ *, */)
-    : [];
+  var trust = this.app.get('trust proxy fn');
+  var addrs = proxyaddr.all(this, trust);
+  return addrs.slice(1).reverse();
 });

 /**
@@ -382,36 +428,41 @@ req.__defineGetter__('ips', function(){
 */

 req.__defineGetter__('auth', function(){
-  // missing
-  var auth = this.get('Authorization');
-  if (!auth) return;
-
-  // malformed
-  var parts = auth.split(' ');
-  if ('basic' != parts[0].toLowerCase()) return;
-  if (!parts[1]) return;
-  auth = parts[1];
+  deprecate('req.auth: Use basic-auth npm module instead');

  // credentials
-  auth = new Buffer(auth, 'base64').toString().split(':');
-  return { username: auth[0], password: auth[1] };
+  var creds = auth(this);
+  if (!creds) return;
+
+  return { username: creds.name, password: creds.pass };
 });

 /**
 * Return subdomains as an array.
 *
- * For example "tobi.ferrets.example.com"
- * would provide `["ferrets", "tobi"]`.
+ * Subdomains are the dot-separated parts of the host before the main domain of
+ * the app. By default, the domain of the app is assumed to be the last two
+ * parts of the host. This can be changed by setting "subdomain offset".
+ *
+ * For example, if the domain is "tobi.ferrets.example.com":
+ * If "subdomain offset" is not set, req.subdomains is `["ferrets", "tobi"]`.
+ * If "subdomain offset" is 3, req.subdomains is `["tobi"]`.
 *
 * @return {Array}
 * @api public
 */

 req.__defineGetter__('subdomains', function(){
-  return this.get('Host')
-    .split('.')
-    .slice(0, -2)
-    .reverse();
+  var host = this.host;
+
+  if (!host) return [];
+
+  var offset = this.app.get('subdomain offset');
+  var subdomains = !isIP(host)
+    ? host.split('.').reverse()
+    : [host];
+
+  return subdomains.slice(offset);
 });

 /**
@@ -428,12 +479,33 @@ req.__defineGetter__('path', function(){
 /**
 * Parse the "Host" header field hostname.
 *
+ * When the "trust proxy" setting trusts the socket
+ * address, the "X-Forwarded-Host" header field will
+ * be trusted.
+ *
 * @return {String}
 * @api public
 */

 req.__defineGetter__('host', function(){
-  return this.get('Host').split(':')[0];
+  var trust = this.app.get('trust proxy fn');
+  var host = this.get('X-Forwarded-Host');
+
+  if (!host || !trust(this.connection.remoteAddress)) {
+    host = this.get('Host');
+  }
+
+  if (!host) return;
+
+  // IPv6 literal support
+  var offset = host[0] === '['
+    ? host.indexOf(']') + 1
+    : 0;
+  var index = host.indexOf(':', offset);
+
+  return ~index
+    ? host.substring(0, index)
+    : host;
 });

 /**
--- a/lib/response.js
+++ b/lib/response.js
@@ -2,24 +2,25 @@
 * Module dependencies.
 */

-var fs = require('fs')
-  , http = require('http')
+var deprecate = require('depd')('express');
+var escapeHtml = require('escape-html');
+var parseUrl = require('parseurl');
+var vary = require('vary');
+var http = require('http')
  , path = require('path')
  , connect = require('connect')
  , utils = connect.utils
  , sign = require('cookie-signature').sign
  , normalizeType = require('./utils').normalizeType
  , normalizeTypes = require('./utils').normalizeTypes
-  , etag = require('./utils').etag
+  , setCharset = require('./utils').setCharset
  , statusCodes = http.STATUS_CODES
-  , send = connect.static.send
  , cookie = require('cookie')
  , send = require('send')
-  , crc = require('crc')
  , mime = connect.mime
+  , resolve = require('url').resolve
  , basename = path.basename
-  , extname = path.extname
-  , join = path.join;
+  , extname = path.extname;

 /**
 * Response prototype.
@@ -58,7 +59,9 @@ res.status = function(code){
 */

 res.links = function(links){
-  return this.set('Link', Object.keys(links).map(function(rel){
+  var link = this.get('Link') || '';
+  if (link) link += ', ';
+  return this.set('Link', link + Object.keys(links).map(function(rel){
    return '<' + links[rel] + '>; rel="' + rel + '"';
  }).join(', '));
 };
@@ -81,9 +84,14 @@ res.links = function(links){
 */

 res.send = function(body){
-  var req = this.req
-    , head = 'HEAD' == req.method
-    , len;
+  var req = this.req;
+  var head = 'HEAD' == req.method;
+  var type;
+  var encoding;
+  var len;
+
+  // settings
+  var app = this.app;

  // allow status / body
  if (2 == arguments.length) {
@@ -96,13 +104,15 @@ res.send = function(body){
    }
  }

+  // disambiguate res.send(status) and res.send(status, num)
+  if (typeof body === 'number' && arguments.length === 1) {
+    // res.send(status) will set status message as text string
+    this.get('Content-Type') || this.type('txt');
+    this.statusCode = body;
+    body = http.STATUS_CODES[body];
+  }
+
  switch (typeof body) {
-    // response status
-    case 'number':
-      this.get('Content-Type') || this.type('txt');
-      this.statusCode = body;
-      body = http.STATUS_CODES[body];
-      break;
    // string defaulting to html
    case 'string':
      if (!this.get('Content-Type')) {
@@ -111,6 +121,7 @@ res.send = function(body){
      }
      break;
    case 'boolean':
+    case 'number':
    case 'object':
      if (null == body) {
        body = '';
@@ -122,18 +133,31 @@ res.send = function(body){
      break;
  }

+  // write strings in utf-8
+  if ('string' === typeof body) {
+    encoding = 'utf8';
+    type = this.get('Content-Type');
+
+    // reflect this in content-type
+    if ('string' === typeof type) {
+      this.set('Content-Type', setCharset(type, 'utf-8'));
+    }
+  }
+
  // populate Content-Length
  if (undefined !== body && !this.get('Content-Length')) {
-    this.set('Content-Length', len = Buffer.isBuffer(body)
+    len = Buffer.isBuffer(body)
      ? body.length
-      : Buffer.byteLength(body));
+      : Buffer.byteLength(body, encoding);
+    this.set('Content-Length', len);
  }

  // ETag support
-  // TODO: W/ support
-  if (len > 1024) {
+  var etag = len !== undefined && app.get('etag fn');
+  if (etag && ('GET' === req.method || 'HEAD' === req.method)) {
    if (!this.get('ETag')) {
-      this.set('ETag', etag(body));
+      etag = etag(body, encoding);
+      etag && this.set('ETag', etag);
    }
  }

@@ -144,11 +168,13 @@ res.send = function(body){
  if (204 == this.statusCode || 304 == this.statusCode) {
    this.removeHeader('Content-Type');
    this.removeHeader('Content-Length');
+    this.removeHeader('Transfer-Encoding');
    body = '';
  }

  // respond
-  this.end(head ? null : body);
+  this.end((head ? null : body), encoding);
+
  return this;
 };

@@ -174,6 +200,11 @@ res.json = function(obj){
    // res.json(body, status) backwards compat
    if ('number' == typeof arguments[1]) {
      this.statusCode = arguments[1];
+      if (typeof obj === 'number') {
+        deprecate('res.json(obj, status): Use res.json(status, obj) instead');
+      } else {
+        deprecate('res.json(num, status): Use res.status(status).json(num) instead');
+      }
    } else {
      this.statusCode = obj;
      obj = arguments[1];
@@ -189,7 +220,7 @@ res.json = function(obj){
  // content-type
  this.charset = this.charset || 'utf-8';
  this.get('Content-Type') || this.set('Content-Type', 'application/json');
-  
+
  return this.send(body);
 };

@@ -215,6 +246,11 @@ res.jsonp = function(obj){
    // res.json(body, status) backwards compat
    if ('number' == typeof arguments[1]) {
      this.statusCode = arguments[1];
+      if (typeof obj === 'number') {
+        deprecate('res.jsonp(obj, status): Use res.jsonp(status, obj) instead');
+      } else {
+        deprecate('res.jsonp(num, status): Use res.status(status).jsonp(num) instead');
+      }
    } else {
      this.statusCode = obj;
      obj = arguments[1];
@@ -229,14 +265,34 @@ res.jsonp = function(obj){
  var callback = this.req.query[app.get('jsonp callback name')];

  // content-type
-  this.charset = this.charset || 'utf-8';
-  this.set('Content-Type', 'application/json');
-  
+  if (!this.get('Content-Type')) {
+    this.charset = 'utf-8';
+    this.set('X-Content-Type-Options', 'nosniff');
+    this.set('Content-Type', 'application/json');
+  }
+
+  // fixup callback
+  if (Array.isArray(callback)) {
+    callback = callback[0];
+  }
+
  // jsonp
-  if (callback) {
+  if (typeof callback === 'string' && callback.length !== 0) {
+    this.charset = 'utf-8';
+    this.set('X-Content-Type-Options', 'nosniff');
    this.set('Content-Type', 'text/javascript');
-    var cb = callback.replace(/[^\[\]\w$.]/g, '');
-    body = cb + ' && ' + cb + '(' + body + ');';
+
+    // restrict callback charset
+    callback = callback.replace(/[^\[\]\w$.]/g, '');
+
+    // replace chars not allowed in JavaScript that are in JSON
+    body = body
+      .replace(/\u2028/g, '\\u2028')
+      .replace(/\u2029/g, '\\u2029');
+
+    // the /**/ is a specific security mitigation for "Rosetta Flash JSONP abuse"
+    // the typeof check is just to reduce client error noise
+    body = '/**/ typeof ' + callback + ' === \'function\' && ' + callback + '(' + body + ');';
  }

  return this.send(body);
@@ -244,7 +300,7 @@ res.jsonp = function(obj){

 /**
 * Transfer the file at the given `path`.
- * 
+ *
 * Automatically sets the _Content-Type_ response header field.
 * The callback `fn(err)` is invoked when the transfer is complete
 * or when an error occurs. Be sure to check `res.sentHeader`
@@ -253,8 +309,11 @@ res.jsonp = function(obj){
 *
 * Options:
 *
- *   - `maxAge` defaulting to 0
- *   - `root`   root directory for relative filenames
+ *   - `maxAge`   defaulting to 0
+ *   - `root`     root directory for relative filenames
+ *   - `dotfiles` serve dotfiles, defaulting to false; can be `"allow"` to send them
+ *
+ * Other options are passed along to `send`.
 *
 * Examples:
 *
@@ -266,7 +325,7 @@ res.jsonp = function(obj){
 *     app.get('/user/:uid/photos/:file', function(req, res){
 *       var uid = req.params.uid
 *         , file = req.params.file;
- *     
+ *
 *       req.user.mayViewFilesFrom(uid, function(yes){
 *         if (yes) {
 *           res.sendfile('/uploads/' + uid + '/' + file);
@@ -305,23 +364,23 @@ res.sendfile = function(path, options, fn){

    // clean up
    cleanup();
-    if (!self.headerSent) self.removeHeader('Content-Disposition');
+    if (!self.headersSent) self.removeHeader('Content-Disposition');

    // callback available
    if (fn) return fn(err);

    // list in limbo if there's no callback
-    if (self.headerSent) return;
+    if (self.headersSent) return;

    // delegate
    next(err);
  }

  // streaming
-  function stream() {
+  function stream(stream) {
    if (done) return;
    cleanup();
-    if (fn) self.on('finish', fn);
+    if (fn) stream.on('end', fn);
  }

  // cleanup
@@ -330,9 +389,7 @@ res.sendfile = function(path, options, fn){
  }

  // transfer
-  var file = send(req, path);
-  if (options.root) file.root(options.root);
-  file.maxage(options.maxAge || 0);
+  var file = send(req, path, options);
  file.on('error', error);
  file.on('directory', next);
  file.on('stream', stream);
@@ -346,7 +403,7 @@ res.sendfile = function(path, options, fn){
 * Optionally providing an alternate attachment `filename`,
 * and optional callback `fn(err)`. The callback is invoked
 * when the data transfer is complete, or when an error has
- * ocurred. Be sure to check `res.headerSent` if you plan to respond.
+ * ocurred. Be sure to check `res.headersSent` if you plan to respond.
 *
 * This method uses `res.sendfile()`.
 *
@@ -411,11 +468,11 @@ res.type = function(type){
 *      'text/plain': function(){
 *        res.send('hey');
 *      },
- *    
+ *
 *      'text/html': function(){
 *        res.send('<p>hey</p>');
 *      },
- *    
+ *
 *      'appliation/json': function(){
 *        res.send({ message: 'hey' });
 *      }
@@ -428,11 +485,11 @@ res.type = function(type){
 *      text: function(){
 *        res.send('hey');
 *      },
- *    
+ *
 *      html: function(){
 *        res.send('<p>hey</p>');
 *      },
- *    
+ *
 *      json: function(){
 *        res.send({ message: 'hey' });
 *      }
@@ -459,17 +516,20 @@ res.format = function(obj){

  var key = req.accepts(keys);

-  this.set('Vary', 'Accept');
+  this.vary("Accept");

  if (key) {
-    this.set('Content-Type', normalizeType(key));
+    var type = normalizeType(key).value;
+    var charset = mime.charsets.lookup(type);
+    if (charset) type += '; charset=' + charset;
+    this.set('Content-Type', type);
    obj[key](req, this, next);
  } else if (fn) {
    fn();
  } else {
    var err = new Error('Not Acceptable');
    err.status = 406;
-    err.types = normalizeTypes(keys);
+    err.types = normalizeTypes(keys).map(function(o){ return o.value });
    next(err);
  }

@@ -498,24 +558,27 @@ res.attachment = function(filename){
 *
 * Examples:
 *
+ *    res.set('Foo', ['bar', 'baz']);
 *    res.set('Accept', 'application/json');
 *    res.set({ Accept: 'text/plain', 'X-API-Key': 'tobi' });
 *
- * Aliased as `res.header()`. 
+ * Aliased as `res.header()`.
 *
- * @param {String|Object} field
+ * @param {String|Object|Array} field
 * @param {String} val
 * @return {ServerResponse} for chaining
 * @api public
 */

-res.set = 
+res.set =
 res.header = function(field, val){
  if (2 == arguments.length) {
-    this.setHeader(field, '' + val);
+    if (Array.isArray(val)) val = val.map(String);
+    else val = String(val);
+    this.setHeader(field, val);
  } else {
    for (var key in field) {
-      this.setHeader(key, '' + field[key]);
+      this.set(key, field[key]);
    }
  }
  return this;
@@ -573,56 +636,99 @@ res.clearCookie = function(name, options){
 */

 res.cookie = function(name, val, options){
-  options = options || {};
+  options = utils.merge({}, options);
  var secret = this.req.secret;
  var signed = options.signed;
  if (signed && !secret) throw new Error('connect.cookieParser("secret") required for signed cookies');
+  if ('number' == typeof val) val = val.toString();
  if ('object' == typeof val) val = 'j:' + JSON.stringify(val);
  if (signed) val = 's:' + sign(val, secret);
-  if ('maxAge' in options) options.expires = new Date(Date.now() + options.maxAge);
+  if ('maxAge' in options) {
+    options.expires = new Date(Date.now() + options.maxAge);
+    options.maxAge /= 1000;
+  }
  if (null == options.path) options.path = '/';
  this.set('Set-Cookie', cookie.serialize(name, String(val), options));
  return this;
 };

+
+/**
+ * Set the location header to `url`.
+ *
+ * The given `url` can also be "back", which redirects
+ * to the _Referrer_ or _Referer_ headers or "/".
+ *
+ * Examples:
+ *
+ *    res.location('/foo/bar').;
+ *    res.location('http://example.com');
+ *    res.location('../login'); // /blog/post/1 -> /blog/login
+ *
+ * Mounting:
+ *
+ *   When an application is mounted and `res.location()`
+ *   is given a path that does _not_ lead with "/" it becomes
+ *   relative to the mount-point. For example if the application
+ *   is mounted at "/blog", the following would become "/blog/login".
+ *
+ *      res.location('login');
+ *
+ *   While the leading slash would result in a location of "/login":
+ *
+ *      res.location('/login');
+ *
+ * @param {String} url
+ * @api public
+ */
+
+res.location = function(url){
+  var app = this.app
+    , req = this.req
+    , path;
+
+  // "back" is an alias for the referrer
+  if ('back' == url) url = req.get('Referrer') || '/';
+
+  // relative
+  if (!~url.indexOf('://') && 0 != url.indexOf('//')) {
+    // relative to path
+    if ('.' == url[0]) {
+      path = parseUrl.original(req).pathname;
+      path = path + ('/' == path[path.length - 1] ? '' : '/');
+      url = resolve(path, url);
+      // relative to mount-point
+    } else if ('/' != url[0]) {
+      path = app.path();
+      url = path + '/' + url;
+    }
+  }
+
+  // Respond
+  this.set('Location', url);
+  return this;
+};
+
 /**
 * Redirect to the given `url` with optional response `status`
 * defaulting to 302.
 *
- * The given `url` can also be the name of a mapped url, for
- * example by default express supports "back" which redirects
- * to the _Referrer_ or _Referer_ headers or "/".
+ * The resulting `url` is determined by `res.location()`, so
+ * it will play nicely with mounted apps, relative paths,
+ * `"back"` etc.
 *
 * Examples:
 *
 *    res.redirect('/foo/bar');
 *    res.redirect('http://example.com');
 *    res.redirect(301, 'http://example.com');
- *    res.redirect('http://example.com', 301);
 *    res.redirect('../login'); // /blog/post/1 -> /blog/login
 *
- * Mounting:
- *
- *   When an application is mounted, and `res.redirect()`
- *   is given a path that does _not_ lead with "/". For 
- *   example suppose a "blog" app is mounted at "/blog",
- *   the following redirect would result in "/blog/login":
- *
- *      res.redirect('login');
- *
- *   While the leading slash would result in a redirect to "/login":
- *
- *      res.redirect('/login');
- *
- * @param {String} url
- * @param {Number} code
 * @api public
 */

 res.redirect = function(url){
-  var app = this.app
-    , req = this.req
-    , head = 'HEAD' == req.method
+  var head = 'HEAD' == this.req.method
    , status = 302
    , body;

@@ -632,37 +738,23 @@ res.redirect = function(url){
      status = url;
      url = arguments[1];
    } else {
+      deprecate('res.redirect(ur, status): Use res.redirect(status, url) instead');
      status = arguments[1];
    }
  }

-  // setup redirect map
-  var map = { back: req.get('Referrer') || '/' };
-
-  // perform redirect
-  url = map[url] || url;
-
-  // relative
-  if (!~url.indexOf('://') && 0 != url.indexOf('//')) {
-    var path = app.path();
-
-    // relative to path
-    if ('.' == url[0]) {
-      url = req.path + '/' + url;
-    // relative to mount-point
-    } else if ('/' != url[0]) {
-      url = path + '/' + url;
-    }
-  }
+  // Set location header
+  this.location(url);
+  url = this.get('Location');

  // Support text/{plain,html} by default
  this.format({
    text: function(){
-      body = statusCodes[status] + '. Redirecting to ' + url;
+      body = statusCodes[status] + '. Redirecting to ' + encodeURI(url);
    },

    html: function(){
-      var u = utils.escape(url);
+      var u = escapeHtml(url);
      body = '<p>' + statusCodes[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>';
    },

@@ -673,11 +765,29 @@ res.redirect = function(url){

  // Respond
  this.statusCode = status;
-  this.set('Location', url);
  this.set('Content-Length', Buffer.byteLength(body));
  this.end(head ? null : body);
 };

+/**
+ * Add `field` to Vary. If already present in the Vary set, then
+ * this call is simply ignored.
+ *
+ * @param {Array|String} field
+ * @param {ServerResponse} for chaining
+ * @api public
+ */
+
+res.vary = function(field){
+  // checks for back-compat
+  if (!field) return this;
+  if (Array.isArray(field) && !field.length) return this;
+
+  vary(this, field);
+
+  return this;
+};
+
 /**
 * Render `view` with the given `options` and optional callback `fn`.
 * When a callback function is given a response will _not_ be made
@@ -716,4 +826,4 @@ res.render = function(view, options, fn){

  // render
  app.render(view, options, fn);
-};
+};
--- a/lib/router/index.js
+++ b/lib/router/index.js
@@ -2,11 +2,11 @@
 * Module dependencies.
 */

-var Route = require('./route')
-  , utils = require('../utils')
-  , debug = require('debug')('express:router')
-  , parse = require('connect').utils.parseUrl
-  , methods = require('methods');
+var Route = require('./route');
+var utils = require('../utils');
+var methods = require('methods');
+var debug = require('debug')('express:router');
+var parseUrl = require('parseurl');

 /**
 * Expose `Router` constructor.
@@ -16,7 +16,7 @@ exports = module.exports = Router;

 /**
 * Initialize a new `Router` with the given `options`.
- * 
+ *
 * @param {Object} options
 * @api private
 */
@@ -93,8 +93,7 @@ Router.prototype._dispatch = function(req, res, next){
      , paramVal
      , route
      , keys
-      , key
-      , ret;
+      , key;

    // match next route
    function nextRoute(err) {
@@ -104,6 +103,9 @@ Router.prototype._dispatch = function(req, res, next){
    // match route
    req.route = route = self.matchRequest(req, i);

+    // implied OPTIONS
+    if (!route && 'OPTIONS' == req.method) return self._options(req, res, next);
+
    // no route
    if (!route) return next(err);
    debug('matched %s %s', route.method, route.path);
@@ -141,7 +143,7 @@ Router.prototype._dispatch = function(req, res, next){
    };

    param(err);
-    
+
    // single param callbacks
    function paramCallback(err) {
      var fn = paramCallbacks[paramIndex++];
@@ -171,6 +173,42 @@ Router.prototype._dispatch = function(req, res, next){
  })(0);
 };

+/**
+ * Respond to __OPTIONS__ method.
+ *
+ * @param {IncomingMessage} req
+ * @param {ServerResponse} res
+ * @api private
+ */
+
+Router.prototype._options = function(req, res, next){
+  var path = parseUrl(req).pathname
+    , body = this._optionsFor(path).join(',');
+  if (!body) return next();
+  res.set('Allow', body).send(body);
+};
+
+/**
+ * Return an array of HTTP verbs or "options" for `path`.
+ *
+ * @param {String} path
+ * @return {Array}
+ * @api private
+ */
+
+Router.prototype._optionsFor = function(path){
+  var self = this;
+  return methods.filter(function(method){
+    var routes = self.map[method];
+    if (!routes || 'options' == method) return;
+    for (var i = 0, len = routes.length; i < len; ++i) {
+      if (routes[i].match(path)) return true;
+    }
+  }).map(function(method){
+    return method.toUpperCase();
+  });
+};
+
 /**
 * Attempt to match a route for `req`
 * with optional starting index of `i`
@@ -184,7 +222,7 @@ Router.prototype._dispatch = function(req, res, next){

 Router.prototype.matchRequest = function(req, i, head){
  var method = req.method.toLowerCase()
-    , url = parse(req)
+    , url = parseUrl(req)
    , path = url.pathname
    , routes = this.map
    , i = i || 0
@@ -245,14 +283,39 @@ Router.prototype.route = function(method, path, callbacks){
  // ensure path was given
  if (!path) throw new Error('Router#' + method + '() requires a path');

+  // ensure all callbacks are functions
+  callbacks.forEach(function(fn){
+    if ('function' == typeof fn) return;
+    var type = {}.toString.call(fn);
+    var msg = '.' + method + '() requires callback functions but got a ' + type;
+    throw new Error(msg);
+  });
+
  // create the route
  debug('defined %s %s', method, path);
  var route = new Route(method, path, callbacks, {
-      sensitive: this.caseSensitive
-    , strict: this.strict
+    sensitive: this.caseSensitive,
+    strict: this.strict
  });

  // add it
  (this.map[method] = this.map[method] || []).push(route);
  return this;
 };
+
+Router.prototype.all = function(path) {
+  var self = this;
+  var args = [].slice.call(arguments);
+  methods.forEach(function(method){
+      self.route.apply(self, [method].concat(args));
+  });
+  return this;
+};
+
+methods.forEach(function(method){
+  Router.prototype[method] = function(path){
+    var args = [method].concat([].slice.call(arguments));
+    this.route.apply(this, args);
+    return this;
+  };
+});
--- a/lib/router/route.js
+++ b/lib/router/route.js
@@ -57,9 +57,15 @@ Route.prototype.match = function(path){
  for (var i = 1, len = m.length; i < len; ++i) {
    var key = keys[i - 1];

-    var val = 'string' == typeof m[i]
-      ? decodeURIComponent(m[i])
-      : m[i];
+    try {
+      var val = 'string' == typeof m[i]
+        ? decodeURIComponent(m[i])
+        : m[i];
+    } catch(e) {
+      var err = new Error("Failed to decode param '" + m[i] + "'");
+      err.status = 400;
+      throw err;
+    }

    if (key) {
      params[key.name] = val;
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -3,36 +3,73 @@
 * Module dependencies.
 */

+var crc = require('crc').crc32;
 var mime = require('connect').mime
-  , crc = require('crc');
+  , proxyaddr = require('proxy-addr')
+  , crypto = require('crypto');
+var typer = require('media-typer');

 /**
- * Return ETag for `body`.
+ * toString ref.
+ */
+
+var toString = {}.toString;
+
+/**
+ * Return strong ETag for `body`.
 *
 * @param {String|Buffer} body
+ * @param {String} [encoding]
 * @return {String}
 * @api private
 */

-exports.etag = function(body){
-  return '"' + (Buffer.isBuffer(body)
-    ? crc.buffer.crc32(body)
-    : crc.crc32(body)) + '"';
+exports.etag = function etag(body, encoding){
+  if (body.length === 0) {
+    // fast-path empty body
+    return '"1B2M2Y8AsgTpgAmY7PhCfg=="'
+  }
+
+  var hash = crypto
+    .createHash('md5')
+    .update(body, encoding)
+    .digest('base64')
+  return '"' + hash + '"'
+};
+
+/**
+ * Return weak ETag for `body`.
+ *
+ * @param {String|Buffer} body
+ * @param {String} [encoding]
+ * @return {String}
+ * @api private
+ */
+
+exports.wetag = function wetag(body, encoding){
+  if (body.length === 0) {
+    // fast-path empty body
+    return 'W/"0-0"'
+  }
+
+  var buf = Buffer.isBuffer(body)
+    ? body
+    : new Buffer(body, encoding)
+  var len = buf.length
+  return 'W/"' + len.toString(16) + '-' + crc(buf) + '"'
 };

 /**
 * Make `locals()` bound to the given `obj`.
- *  
- * This is used for `app.locals` and `res.locals`. 
+ *
+ * This is used for `app.locals` and `res.locals`.
 *
 * @param {Object} obj
 * @return {Function}
 * @api private
 */

-exports.locals = function(obj){
-  obj.viewCallbacks = obj.viewCallbacks || [];
-
+exports.locals = function(){
  function locals(obj){
    for (var key in obj) locals[key] = obj[key];
    return obj;
@@ -52,6 +89,7 @@ exports.locals = function(obj){
 exports.isAbsolute = function(path){
  if ('/' == path[0]) return true;
  if (':' == path[1] && '\\' == path[2]) return true;
+  if ('\\\\' == path.substring(0, 2)) return true; // Microsoft Azure absolute path
 };

 /**
@@ -79,12 +117,14 @@ exports.flatten = function(arr, ret){
 * Normalize the given `type`, for example "html" becomes "text/html".
 *
 * @param {String} type
- * @return {String}
+ * @return {Object}
 * @api private
 */

 exports.normalizeType = function(type){
-  return ~type.indexOf('/') ? type : mime.lookup(type);
+  return ~type.indexOf('/')
+    ? acceptParams(type)
+    : { value: mime.lookup(type), params: {} };
 };

 /**
@@ -99,9 +139,7 @@ exports.normalizeTypes = function(types){
  var ret = [];

  for (var i = 0; i < types.length; ++i) {
-    ret.push(~types[i].indexOf('/')
-      ? types[i]
-      : mime.lookup(types[i]));
+    ret.push(exports.normalizeType(types[i]));
  }

  return ret;
@@ -127,7 +165,7 @@ exports.acceptsArray = function(types, str){

  for (var i = 0; i < len; ++i) {
    for (var j = 0, jlen = types.length; j < jlen; ++j) {
-      if (exports.accept(normalized[j].split('/'), accepted[i])) {
+      if (exports.accept(normalized[j], accepted[i])) {
        return types[j];
      }
    }
@@ -152,17 +190,34 @@ exports.accepts = function(type, str){
 /**
 * Check if `type` array is acceptable for `other`.
 *
- * @param {Array} type
+ * @param {Object} type
 * @param {Object} other
 * @return {Boolean}
 * @api private
 */

 exports.accept = function(type, other){
-  return (type[0] == other.type || '*' == other.type)
-    && (type[1] == other.subtype || '*' == other.subtype);
+  var t = type.value.split('/');
+  return (t[0] == other.type || '*' == other.type)
+    && (t[1] == other.subtype || '*' == other.subtype)
+    && paramsEqual(type.params, other.params);
 };

+/**
+ * Check if accept params are equal.
+ *
+ * @param {Object} a
+ * @param {Object} b
+ * @return {Boolean}
+ * @api private
+ */
+
+function paramsEqual(a, b){
+  return !Object.keys(a).some(function(k) {
+    return a[k] != b[k];
+  });
+}
+
 /**
 * Parse accept `str`, returning
 * an array objects containing
@@ -177,7 +232,7 @@ exports.accept = function(type, other){

 exports.parseAccept = function(str){
  return exports
-    .parseQuality(str)
+    .parseParams(str)
    .map(function(obj){
      var parts = obj.value.split('/');
      obj.type = parts[0];
@@ -188,62 +243,56 @@ exports.parseAccept = function(str){

 /**
 * Parse quality `str`, returning an
- * array of objects with `.value` and
- * `.quality`.
+ * array of objects with `.value`,
+ * `.quality` and optional `.params`
 *
- * @param {Type} name
- * @return {Type}
+ * @param {String} str
+ * @return {Array}
 * @api private
 */

-exports.parseQuality = function(str){
+exports.parseParams = function(str){
  return str
    .split(/ *, */)
-    .map(quality)
+    .map(acceptParams)
    .filter(function(obj){
      return obj.quality;
    })
    .sort(function(a, b){
-      return b.quality - a.quality;
+      if (a.quality === b.quality) {
+        return a.originalIndex - b.originalIndex;
+      } else {
+        return b.quality - a.quality;
+      }
    });
 };

 /**
- * Parse quality `str` returning an
- * object with `.value` and `.quality`.
+ * Parse accept params `str` returning an
+ * object with `.value`, `.quality` and `.params`.
+ * also includes `.originalIndex` for stable sorting
 *
 * @param {String} str
 * @return {Object}
 * @api private
 */

-function quality(str) {
-  var parts = str.split(/ *; */)
-    , val = parts[0];
+function acceptParams(str, index) {
+  var parts = str.split(/ *; */);
+  var ret = { value: parts[0], quality: 1, params: {}, originalIndex: index };

-  var q = parts[1]
-    ? parseFloat(parts[1].split(/ *= */)[1])
-    : 1;
+  for (var i = 1; i < parts.length; ++i) {
+    var pms = parts[i].split(/ *= */);
+    if ('q' == pms[0]) {
+      ret.quality = parseFloat(pms[1]);
+    } else {
+      ret.params[pms[0]] = pms[1];
+    }
+  }

-  return { value: val, quality: q };
+  return ret;
 }

-/**
- * Escape special characters in the given string of html.
- *
- * @param  {String} html
- * @return {String}
- * @api private
- */
-
-exports.escape = function(html) {
-  return String(html)
-    .replace(/&/g, '&amp;')
-    .replace(/"/g, '&quot;')
-    .replace(/</g, '&lt;')
-    .replace(/>/g, '&gt;');
-};
-
 /**
 * Normalize the given path string,
 * returning a regular expression.
@@ -262,7 +311,7 @@ exports.escape = function(html) {
 */

 exports.pathRegexp = function(path, keys, sensitive, strict) {
-  if (path instanceof RegExp) return path;
+  if (toString.call(path) == '[object RegExp]') return path;
  if (Array.isArray(path)) path = '(' + path.join('|') + ')';
  path = path
    .concat(strict ? '' : '/?')
@@ -281,4 +330,89 @@ exports.pathRegexp = function(path, keys, sensitive, strict) {
    .replace(/([\/.])/g, '\\$1')
    .replace(/\*/g, '(.*)');
  return new RegExp('^' + path + '$', sensitive ? '' : 'i');
-}
+}
+
+/**
+ * Compile "etag" value to function.
+ *
+ * @param  {Boolean|String|Function} val
+ * @return {Function}
+ * @api private
+ */
+
+exports.compileETag = function(val) {
+  var fn;
+
+  if (typeof val === 'function') {
+    return val;
+  }
+
+  switch (val) {
+    case true:
+      fn = exports.wetag;
+      break;
+    case false:
+      break;
+    case 'strong':
+      fn = exports.etag;
+      break;
+    case 'weak':
+      fn = exports.wetag;
+      break;
+    default:
+      throw new TypeError('unknown value for etag function: ' + val);
+  }
+
+  return fn;
+}
+
+/**
+ * Compile "proxy trust" value to function.
+ *
+ * @param  {Boolean|String|Number|Array|Function} val
+ * @return {Function}
+ * @api private
+ */
+
+exports.compileTrust = function(val) {
+  if (typeof val === 'function') return val;
+
+  if (val === true) {
+    // Support plain true/false
+    return function(){ return true };
+  }
+
+  if (typeof val === 'number') {
+    // Support trusting hop count
+    return function(a, i){ return i < val };
+  }
+
+  if (typeof val === 'string') {
+    // Support comma-separated values
+    val = val.split(/ *, */);
+  }
+
+  return proxyaddr.compile(val || []);
+}
+
+/**
+ * Set the charset in a given Content-Type string.
+ *
+ * @param {String} type
+ * @param {String} charset
+ * @return {String}
+ * @api private
+ */
+
+exports.setCharset = function(type, charset){
+  if (!type || !charset) return type;
+
+  // parse type
+  var parsed = typer.parse(type);
+
+  // set charset
+  parsed.parameters.charset = charset;
+
+  // format type
+  return typer.format(parsed);
+};
--- a/lib/view.js
+++ b/lib/view.js
@@ -8,7 +8,7 @@ var path = require('path')
  , dirname = path.dirname
  , basename = path.basename
  , extname = path.extname
-  , exists = fs.existsSync || path.existsSync 
+  , exists = fs.existsSync || path.existsSync
  , join = path.join;

 /**
@@ -22,9 +22,9 @@ module.exports = View;
 *
 * Options:
 *
- *   - `defaultEngine` the default template engine name 
- *   - `engines` template engine require() cache 
- *   - `root` root path for view lookup 
+ *   - `defaultEngine` the default template engine name
+ *   - `engines` template engine require() cache
+ *   - `root` root path for view lookup
 *
 * @param {String} name
 * @param {Object} options
@@ -38,7 +38,8 @@ function View(name, options) {
  var engines = options.engines;
  this.defaultEngine = options.defaultEngine;
  var ext = this.ext = extname(name);
-  if (!ext) name += (ext = this.ext = '.' + this.defaultEngine);
+  if (!ext && !this.defaultEngine) throw new Error('No default engine was specified and no extension was provided.');
+  if (!ext) name += (ext = this.ext = ('.' != this.defaultEngine[0] ? '.' : '') + this.defaultEngine);
  this.engine = engines[ext] || (engines[ext] = require(ext.slice(1)).__express);
  this.path = this.lookup(name);
 }
--- a/package.json
+++ b/package.json
@@ -1,38 +1,16 @@
 {
  "name": "express",
  "description": "Sinatra inspired web development framework",
-  "version": "3.0.1",
+  "version": "3.17.4",
  "author": "TJ Holowaychuk <tj@vision-media.ca>",
-  "contributors": [ 
-    { "name": "TJ Holowaychuk", "email": "tj@vision-media.ca" }, 
-    { "name": "Aaron Heckmann", "email": "aaron.heckmann+github@gmail.com" },
-    { "name": "Ciaran Jessup", "email": "ciaranj@gmail.com" },
-    { "name": "Guillermo Rauch", "email": "rauchg@gmail.com" }
+  "contributors": [
+    "Aaron Heckmann <aaron.heckmann+github@gmail.com>",
+    "Ciaran Jessup <ciaranj@gmail.com>",
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Guillermo Rauch <rauchg@gmail.com>",
+    "Jonathan Ong <me@jongleberry.com>",
+    "Roman Shtylman <shtylman+expressjs@gmail.com"
  ],
-  "dependencies": {
-    "connect": "2.6.2",
-    "commander": "0.6.1",
-    "range-parser": "0.0.4",
-    "mkdirp": "0.3.3",
-    "cookie": "0.0.4",
-    "crc": "0.2.0",
-    "fresh": "0.1.0",
-    "methods": "0.0.1",
-    "send": "0.1.0",
-    "cookie-signature": "0.0.1",
-    "debug": "*"
-  },
-  "devDependencies": {
-    "ejs": "*",
-    "mocha": "*",
-    "jade": "*",
-    "hjs": "*",
-    "stylus": "*",
-    "should": "*",
-    "connect-redis": "*",
-    "github-flavored-markdown": "*",
-    "supertest": "0.0.1"
-  },
  "keywords": [
    "express",
    "framework",
@@ -44,13 +22,52 @@
    "app",
    "api"
  ],
-  "repository": "git://github.com/visionmedia/express",
-  "main": "index",
-  "bin": { "express": "./bin/express" },
-  "scripts": {
-    "prepublish" : "npm prune",
-    "test": "make test"
+  "repository": "strongloop/express",
+  "license": "MIT",
+  "homepage": "http://expressjs.com/",
+  "dependencies": {
+    "basic-auth": "1.0.0",
+    "connect": "2.26.2",
+    "commander": "1.3.2",
+    "cookie-signature": "1.0.5",
+    "crc": "3.0.0",
+    "debug": "~2.0.0",
+    "depd": "0.4.5",
+    "escape-html": "1.0.1",
+    "fresh": "0.2.4",
+    "media-typer": "0.3.0",
+    "methods": "1.1.0",
+    "mkdirp": "0.5.0",
+    "parseurl": "~1.3.0",
+    "proxy-addr": "~1.0.2",
+    "range-parser": "~1.0.2",
+    "send": "0.9.2",
+    "vary": "~1.0.0",
+    "cookie": "0.1.2",
+    "merge-descriptors": "0.0.2"
  },
-  "engines": { "node": "*" }
+  "devDependencies": {
+    "connect-redis": "~1.5.0",
+    "istanbul": "0.3.2",
+    "mocha": "~1.21.4",
+    "should": "~4.0.0",
+    "ejs": "~1.0.0",
+    "jade": "~1.6.0",
+    "hjs": "~0.0.6",
+    "marked": "0.3.2",
+    "supertest": "~0.13.0"
+  },
+  "engines": {
+    "node": ">= 0.8.0"
+  },
+  "bin": {
+    "express": "./bin/express"
+  },
+  "scripts": {
+    "prepublish": "npm prune",
+    "test": "mocha --require test/support/env --reporter dot --check-leaks test/ test/acceptance/",
+    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --require test/support/env --reporter dot --check-leaks test/ test/acceptance/",
+    "test-tap": "mocha --require test/support/env --reporter tap --check-leaks test/ test/acceptance/",
+    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --require test/support/env --reporter spec --check-leaks test/ test/acceptance/"
+  }
 }
-
--- a/support/app.js
+++ b/support/app.js
@@ -16,8 +16,6 @@ app.set('views', __dirname + '/views');
 app.set('view engine', 'jade');
 app.locals.self = true;

-var repo = require('../package.json');
-
 app.get('/render', function(req, res){
  res.render('hello');
 });
@@ -65,4 +63,4 @@ app.get('/match', function(req, res){
  res.send('Hello World\n');
 });

-app.listen(8000);
+app.listen(8000);
--- a/support/bench
+++ b/support/bench
@@ -1,32 +0,0 @@
-#!/usr/bin/env bash
-
-NODE_ENV=production node ./support/app &
-pid=$!
-
-bench() {
-  ab -n 5000 -c 50 -k -q http://127.0.0.1:8000$1 \
-    | grep "Requests per" \
-    | cut -d ' ' -f 7 \
-    | xargs echo "$2:"
-}
-
-bench_conditional() {
-  ab -n 5000 -c 50 -H "If-None-Match: $3" -k -q http://127.0.0.1:8000$1 \
-    | grep "Requests per" \
-    | cut -d ' ' -f 7 \
-    | xargs echo "$2:"
-}
-
-sleep .5
-bench / "Hello World"
-bench /blog "Mounted Hello World"
-bench /blog/admin "Mounted 2 Hello World"
-bench /middleware "Middleware"
-bench /match "Router"
-bench /render "Render"
-bench /json "JSON tiny"
-bench /json/15 "JSON small"
-bench /json/50 "JSON medium"
-bench /json/150 "JSON large"
-
-kill -9 $pid
--- a/test/Router.js
+++ b/test/Router.js
@@ -1,7 +1,8 @@

 var express = require('../')
  , Router = express.Router
-  , request = require('./support/http')
+  , request = require('supertest')
+  , methods = require('methods')
  , assert = require('assert');

 describe('Router', function(){
@@ -76,4 +77,45 @@ describe('Router', function(){
      .expect('foo', done);
    })
  })
-})
+
+  describe('.multiple callbacks', function(){
+    it('should throw if a callback is null', function(){
+      assert.throws(function () {
+        router.route('get', '/foo', null, function(){});
+      })
+    })
+
+    it('should throw if a callback is undefined', function(){
+      assert.throws(function () {
+        router.route('get', '/foo', undefined, function(){});
+      })
+    })
+
+    it('should throw if a callback is not a function', function(){
+      assert.throws(function () {
+        router.route('get', '/foo', 'not a function', function(){});
+      })
+    })
+
+    it('should not throw if all callbacks are functions', function(){
+      router.route('get', '/foo', function(){}, function(){});
+    })
+  })
+
+  describe('.all', function() {
+    it('should support using .all to capture all http verbs', function() {
+      var router = new Router();
+
+      router.all('/foo', function(){});
+
+      var url = '/foo?bar=baz';
+
+      methods.forEach(function testMethod(method) {
+        var route = router.match(method, url);
+        route.constructor.name.should.equal('Route');
+        route.method.should.equal(method);
+        route.path.should.equal('/foo');
+      });
+    })
+  })
+})
--- a/test/acceptance/auth.js
+++ b/test/acceptance/auth.js
@@ -1,13 +1,5 @@
 var app = require('../../examples/auth/app')
-  , request = require('../support/http');
-
-function redirects(to, fn){
-  return function(err, res){
-    res.statusCode.should.equal(302)
-    res.headers.should.have.property('location').match(to);
-    fn()
-  }
-}
+var request = require('supertest')

 function getCookie(res) {
  return res.headers['set-cookie'][0].split(';')[0];
@@ -18,25 +10,93 @@ describe('auth', function(){
    it('should redirect to /login', function(done){
      request(app)
      .get('/')
-      .end(redirects(/\/login$/, done))
+      .expect('Location', '/login')
+      .expect(302, done)
    })
  })

-  describe('GET /restricted (w/o cookie)',function(){
-    it('should redirect to /login', function(done){
+  describe('GET /login',function(){
+    it('should render login form', function(done){
      request(app)
-      .get('/restricted')
-      .end(redirects(/\/login$/,done))
+      .get('/login')
+      .expect(200, /<form/, done)
    })
-  })

-  describe('POST /login', function(){
-    it('should fail without proper credentials', function(done){
+    it('should display login error', function(done){
      request(app)
      .post('/login')
      .type('urlencoded')
      .send('username=not-tj&password=foobar')
-      .end(redirects(/\/login$/, done))
+      .expect('Location', '/login')
+      .expect(302, function(err, res){
+        if (err) return done(err)
+        request(app)
+        .get('/login')
+        .set('Cookie', getCookie(res))
+        .expect(200, /Authentication failed/, done)
+      })
    })
  })
-})
+
+  describe('GET /logout',function(){
+    it('should redirect to /', function(done){
+      request(app)
+      .get('/logout')
+      .expect('Location', '/')
+      .expect(302, done)
+    })
+  })
+
+  describe('GET /restricted',function(){
+    it('should redirect to /login without cookie', function(done){
+      request(app)
+      .get('/restricted')
+      .expect('Location', '/login')
+      .expect(302, done)
+    })
+
+    it('should succeed with proper cookie', function(done){
+      request(app)
+      .post('/login')
+      .type('urlencoded')
+      .send('username=tj&password=foobar')
+      .expect('Location', '/')
+      .expect(302, function(err, res){
+        if (err) return done(err)
+        request(app)
+        .get('/restricted')
+        .set('Cookie', getCookie(res))
+        .expect(200, done)
+      })
+    })
+  })
+
+  describe('POST /login', function(){
+    it('should fail without proper username', function(done){
+      request(app)
+      .post('/login')
+      .type('urlencoded')
+      .send('username=not-tj&password=foobar')
+      .expect('Location', '/login')
+      .expect(302, done)
+    })
+
+    it('should fail without proper password', function(done){
+      request(app)
+      .post('/login')
+      .type('urlencoded')
+      .send('username=tj&password=baz')
+      .expect('Location', '/login')
+      .expect(302, done)
+    })
+
+    it('should succeed with proper credentials', function(done){
+      request(app)
+      .post('/login')
+      .type('urlencoded')
+      .send('username=tj&password=foobar')
+      .expect('Location', '/')
+      .expect(302, done)
+    })
+  })
+})
--- a/test/acceptance/content-negotiation.js
+++ b/test/acceptance/content-negotiation.js
@@ -1,5 +1,5 @@

-var request = require('../support/http')
+var request = require('supertest')
  , app = require('../../examples/content-negotiation');

 describe('content-negotiation', function(){
@@ -7,16 +7,43 @@ describe('content-negotiation', function(){
    it('should default to text/html', function(done){
      request(app)
      .get('/')
-      .expect('<ul><li>Tobi</li><li>Loki</li><li>Jane</li></ul>')
-      .end(done);
+      .expect(200, '<ul><li>Tobi</li><li>Loki</li><li>Jane</li></ul>', done)
    })

    it('should accept to text/plain', function(done){
      request(app)
      .get('/')
      .set('Accept', 'text/plain')
-      .expect(' - Tobi\n - Loki\n - Jane\n')
-      .end(done);
+      .expect(200, ' - Tobi\n - Loki\n - Jane\n', done)
+    })
+
+    it('should accept to application/json', function(done){
+      request(app)
+      .get('/')
+      .set('Accept', 'application/json')
+      .expect(200, '[{"name":"Tobi"},{"name":"Loki"},{"name":"Jane"}]', done)
    })
  })
-})
+
+  describe('GET /users', function(){
+    it('should default to text/html', function(done){
+      request(app)
+      .get('/users')
+      .expect(200, '<ul><li>Tobi</li><li>Loki</li><li>Jane</li></ul>', done)
+    })
+
+    it('should accept to text/plain', function(done){
+      request(app)
+      .get('/users')
+      .set('Accept', 'text/plain')
+      .expect(200, ' - Tobi\n - Loki\n - Jane\n', done)
+    })
+
+    it('should accept to application/json', function(done){
+      request(app)
+      .get('/users')
+      .set('Accept', 'application/json')
+      .expect(200, '[{"name":"Tobi"},{"name":"Loki"},{"name":"Jane"}]', done)
+    })
+  })
+})
--- a/test/acceptance/cookies.js
+++ b/test/acceptance/cookies.js
@@ -1,6 +1,6 @@

 var app = require('../../examples/cookies/app')
-  , request = require('../support/http');
+  , request = require('supertest');

 describe('cookies', function(){
  describe('GET /', function(){
@@ -18,6 +18,35 @@ describe('cookies', function(){
        done()
      })
    })
+
+    it('should respond to cookie', function(done){
+      request(app)
+      .post('/')
+      .send({ remember: 1 })
+      .expect(302, function(err, res){
+        if (err) return done(err)
+        request(app)
+        .get('/')
+        .set('Cookie', res.headers['set-cookie'][0])
+        .expect(200, /Remembered/, done)
+      })
+    })
+  })
+
+  describe('GET /forget', function(){
+    it('should clear cookie', function(done){
+      request(app)
+      .post('/')
+      .send({ remember: 1 })
+      .expect(302, function(err, res){
+        if (err) return done(err)
+        request(app)
+        .get('/forget')
+        .set('Cookie', res.headers['set-cookie'][0])
+        .expect('Set-Cookie', /remember=;/)
+        .expect(302, done)
+      })
+    })
  })

  describe('POST /', function(){
@@ -25,10 +54,20 @@ describe('cookies', function(){
      request(app)
      .post('/')
      .send({ remember: 1 })
-      .end(function(err, res){
+      .expect(302, function(err, res){
        res.headers.should.have.property('set-cookie')
        done()
      })
    })
+
+    it('should no set cookie w/o reminder', function(done){
+      request(app)
+      .post('/')
+      .send({})
+      .expect(302, function(err, res){
+        res.headers.should.not.have.property('set-cookie')
+        done()
+      })
+    })
  })
-})
+})
--- a/test/acceptance/downloads.js
+++ b/test/acceptance/downloads.js
@@ -1,6 +1,6 @@

 var app = require('../../examples/downloads/app')
-  , request = require('../support/http');
+  , request = require('supertest');

 describe('downloads', function(){
  describe('GET /', function(){
--- a/test/acceptance/ejs.js
+++ b/test/acceptance/ejs.js
@@ -1,5 +1,5 @@

-var request = require('../support/http')
+var request = require('supertest')
  , app = require('../../examples/ejs');

 describe('ejs', function(){
@@ -7,14 +7,11 @@ describe('ejs', function(){
    it('should respond with html', function(done){
      request(app)
      .get('/')
-      .end(function(err, res){
-        res.should.have.status(200);
-        res.should.have.header('Content-Type', 'text/html; charset=utf-8');
-        res.text.should.include('<li>tobi &lt;tobi@learnboost.com&gt;</li>');
-        res.text.should.include('<li>loki &lt;loki@learnboost.com&gt;</li>');
-        res.text.should.include('<li>jane &lt;jane@learnboost.com&gt;</li>');
-        done();
-      });
+      .expect('Content-Type', 'text/html; charset=utf-8')
+      .expect(/<li>tobi &lt;tobi@learnboost\.com&gt;<\/li>/)
+      .expect(/<li>loki &lt;loki@learnboost\.com&gt;<\/li>/)
+      .expect(/<li>jane &lt;jane@learnboost\.com&gt;<\/li>/)
+      .expect(200, done)
    })
  })
-})
+})
--- a/test/acceptance/error-pages.js
+++ b/test/acceptance/error-pages.js
@@ -1,6 +1,6 @@

 var app = require('../../examples/error-pages')
-  , request = require('../support/http');
+  , request = require('supertest');

 describe('error-pages', function(){
  describe('GET /', function(){
--- a/test/acceptance/error.js
+++ b/test/acceptance/error.js
@@ -1,6 +1,6 @@

 var app = require('../../examples/error')
-  , request = require('../support/http');
+  , request = require('supertest');

 describe('error', function(){
  describe('GET /', function(){
--- a/test/acceptance/markdown.js
+++ b/test/acceptance/markdown.js
@@ -1,13 +1,13 @@

 var app = require('../../examples/markdown')
-  , request = require('../support/http');
+var request = require('supertest')

 describe('markdown', function(){
  describe('GET /', function(){
    it('should respond with html', function(done){
      request(app)
        .get('/')
-        .expect(/<h1>Markdown Example<\/h1>/,done)
+        .expect(/<h1[^>]*>Markdown Example<\/h1>/,done)
    })
  })

@@ -18,4 +18,4 @@ describe('markdown', function(){
        .expect(500,done)
    })
  })
-})
+})
--- a/test/acceptance/mvc.js
+++ b/test/acceptance/mvc.js
@@ -1,5 +1,5 @@

-var request = require('../support/http')
+var request = require('supertest')
  , app = require('../../examples/mvc');

 describe('mvc', function(){
@@ -7,10 +7,39 @@ describe('mvc', function(){
    it('should redirect to /users', function(done){
      request(app)
      .get('/')
+      .expect('Location', '/users')
+      .expect(302, done)
+    })
+  })
+
+  describe('GET /pet/0', function(){
+    it('should get pet', function(done){
+      request(app)
+      .get('/pet/0')
+      .expect(200, /Tobi/, done)
+    })
+  })
+
+  describe('GET /pet/0/edit', function(){
+    it('should get pet edit page', function(done){
+      request(app)
+      .get('/pet/0/edit')
+      .expect(/<form/)
+      .expect(200, /Tobi/, done)
+    })
+  })
+
+  describe('PUT /pet/2', function(){
+    it('should update the pet', function(done){
+      request(app)
+      .put('/pet/3')
+      .set('Content-Type', 'application/x-www-form-urlencoded')
+      .send({ pet: { name: 'Boots' } })
      .end(function(err, res){
-        res.should.have.status(302);
-        res.headers.location.should.include('/users');
-        done();
+        if (err) return done(err);
+        request(app)
+        .get('/pet/3/edit')
+        .expect(200, /Boots/, done)
      })
    })
  })
@@ -19,13 +48,11 @@ describe('mvc', function(){
    it('should display a list of users', function(done){
      request(app)
      .get('/users')
-      .end(function(err, res){
-        res.text.should.include('<h1>Users</h1>');
-        res.text.should.include('>TJ<');
-        res.text.should.include('>Guillermo<');
-        res.text.should.include('>Nathan<');
-        done();
-      })
+      .expect(/<h1>Users<\/h1>/)
+      .expect(/>TJ</)
+      .expect(/>Guillermo</)
+      .expect(/>Nathan</)
+      .expect(200, done)
    })
  })

@@ -34,21 +61,16 @@ describe('mvc', function(){
      it('should display the user', function(done){
        request(app)
        .get('/user/0')
-        .end(function(err, res){
-          res.text.should.include('<h1>TJ <a href="/user/0/edit">edit');
-          done();
-        })
+        .expect(200, /<h1>TJ <a href="\/user\/0\/edit">edit/, done)
      })

      it('should display the users pets', function(done){
        request(app)
        .get('/user/0')
-        .end(function(err, res){
-          res.text.should.include('/pet/0">Tobi');
-          res.text.should.include('/pet/1">Loki');
-          res.text.should.include('/pet/2">Jane');
-          done();
-        })
+        .expect(/\/pet\/0">Tobi/)
+        .expect(/\/pet\/1">Loki/)
+        .expect(/\/pet\/2">Jane/)
+        .expect(200, done)
      })
    })

@@ -65,11 +87,8 @@ describe('mvc', function(){
    it('should display the edit form', function(done){
      request(app)
      .get('/user/1/edit')
-      .end(function(err, res){
-        res.text.should.include('<h1>Guillermo</h1>');
-        res.text.should.include('value="put"');
-        done();
-      })
+      .expect(/Guillermo/)
+      .expect(200, /<form/, done)
    })
  })

@@ -77,15 +96,30 @@ describe('mvc', function(){
    it('should update the user', function(done){
      request(app)
      .put('/user/1')
+      .set('Content-Type', 'application/x-www-form-urlencoded')
      .send({ user: { name: 'Tobo' }})
      .end(function(err, res){
+        if (err) return done(err);
        request(app)
        .get('/user/1/edit')
-        .end(function(err, res){
-          res.text.should.include('<h1>Tobo</h1>');
-          done();
-        })
+        .expect(200, /Tobo/, done)
      })
    })
  })
-})
+
+  describe('POST /user/:id/pet', function(){
+    it('should create a pet for user', function(done){
+      request(app)
+      .post('/user/2/pet')
+      .set('Content-Type', 'application/x-www-form-urlencoded')
+      .send({ pet: { name: 'Snickers' }})
+      .expect('Location', '/user/2')
+      .expect(302, function(err, res){
+        if (err) return done(err)
+        request(app)
+        .get('/user/2')
+        .expect(200, /Snickers/, done)
+      })
+    })
+  })
+})
--- a/test/acceptance/params.js
+++ b/test/acceptance/params.js
@@ -1,5 +1,5 @@
 var app = require('../../examples/params/app')
-  , request = require('../support/http');
+var request = require('supertest')

 describe('params', function(){
  describe('GET /', function(){
@@ -18,6 +18,14 @@ describe('params', function(){
    })
  })

+  describe('GET /user/9', function(){
+    it('should fail to find user', function(done){
+      request(app)
+        .get('/user/9')
+        .expect(/failed to find user/,done)
+    })
+  })
+
  describe('GET /users/0-2', function(){
    it('should respond with three users', function(done){
      request(app)
@@ -25,4 +33,12 @@ describe('params', function(){
        .expect(/users tj, tobi/,done)
    })
  })
-})
+
+  describe('GET /users/foo-bar', function(){
+    it('should fail integer parsing', function(done){
+      request(app)
+        .get('/users/foo-bar')
+        .expect(/failed to parseInt foo/,done)
+    })
+  })
+})
--- a/test/acceptance/resource.js
+++ b/test/acceptance/resource.js
@@ -1,5 +1,5 @@
 var app = require('../../examples/resource/app')
-  , request = require('../support/http');
+var request = require('supertest')

 describe('resource', function(){
  describe('GET /', function(){
@@ -26,6 +26,14 @@ describe('resource', function(){
    })
  })

+  describe('GET /users/9', function(){
+    it('should respond with error', function(done){
+      request(app)
+        .get('/users/9')
+        .expect('{"error":"Cannot find user"}', done)
+    })
+  })
+
  describe('GET /users/1..3', function(){
    it('should respond with users 1 through 3', function(done){
      request(app)
@@ -35,13 +43,21 @@ describe('resource', function(){
  })

  describe('DELETE /users/1', function(){
-    it('should respond with users 1 through 3', function(done){
+    it('should delete user 1', function(done){
      request(app)
        .del('/users/1')
        .expect(/^destroyed/,done)
    })
  })

+  describe('DELETE /users/9', function(){
+    it('should fail', function(done){
+      request(app)
+        .del('/users/9')
+        .expect('Cannot find user', done)
+    })
+  })
+
  describe('GET /users/1..3.json', function(){
    it('should respond with users 2 and 3 as json', function(done){
      request(app)
@@ -49,4 +65,4 @@ describe('resource', function(){
        .expect(/^\[null,{"name":"aaron"},{"name":"guillermo"}\]/,done)
    })
  })
-})
+})
--- a/test/acceptance/web-service.js
+++ b/test/acceptance/web-service.js
@@ -1,5 +1,5 @@

-var request = require('../support/http')
+var request = require('supertest')
  , app = require('../../examples/web-service');

 describe('web-service', function(){
@@ -24,11 +24,72 @@ describe('web-service', function(){
      it('should respond users json', function(done){
        request(app)
        .get('/api/users?api-key=foo')
-        .end(function(err, res){
-          res.should.be.json;
-          res.text.should.equal('[{"name":"tobi"},{"name":"loki"},{"name":"jane"}]');
-          done();
-        });
+        .expect('Content-Type', 'application/json; charset=utf-8')
+        .expect(200, '[{"name":"tobi"},{"name":"loki"},{"name":"jane"}]', done)
+      })
+    })
+  })
+
+  describe('GET /api/repos', function(){
+    describe('without an api key', function(){
+      it('should respond with 400 bad request', function(done){
+        request(app)
+        .get('/api/repos')
+        .expect(400, done);
+      })
+    })
+
+    describe('with an invalid api key', function(){
+      it('should respond with 401 unauthorized', function(done){
+        request(app)
+        .get('/api/repos?api-key=rawr')
+        .expect(401, done);
+      })
+    })
+
+    describe('with a valid api key', function(){
+      it('should respond repos json', function(done){
+        request(app)
+        .get('/api/repos?api-key=foo')
+        .expect('Content-Type', 'application/json; charset=utf-8')
+        .expect(/"name":"express"/)
+        .expect(/"url":"http:\/\/github.com\/strongloop\/express"/)
+        .expect(200, done)
+      })
+    })
+  })
+
+  describe('GET /api/user/:name/repos', function(){
+    describe('without an api key', function(){
+      it('should respond with 400 bad request', function(done){
+        request(app)
+        .get('/api/user/loki/repos')
+        .expect(400, done);
+      })
+    })
+
+    describe('with an invalid api key', function(){
+      it('should respond with 401 unauthorized', function(done){
+        request(app)
+        .get('/api/user/loki/repos?api-key=rawr')
+        .expect(401, done);
+      })
+    })
+
+    describe('with a valid api key', function(){
+      it('should respond user repos json', function(done){
+        request(app)
+        .get('/api/user/loki/repos?api-key=foo')
+        .expect('Content-Type', 'application/json; charset=utf-8')
+        .expect(/"name":"stylus"/)
+        .expect(/"url":"http:\/\/github.com\/learnboost\/stylus"/)
+        .expect(200, done)
+      })
+
+      it('should 404 with unknown user', function(done){
+        request(app)
+        .get('/api/user/bob/repos?api-key=foo')
+        .expect(404, done)
      })
    })
  })
@@ -37,12 +98,8 @@ describe('web-service', function(){
    it('should respond with 404 json', function(done){
      request(app)
      .get('/api/something?api-key=bar')
-      .end(function(err, res){
-        res.should.have.status(404);
-        res.should.be.json;
-        res.text.should.equal('{"error":"Lame, can\'t find that"}');
-        done();
-      });
+      .expect('Content-Type', /json/)
+      .expect(404, '{"error":"Lame, can\'t find that"}', done)
    })
  })
-})
+})
--- a/test/app.all.js
+++ b/test/app.all.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app.all()', function(){
  it('should add a router per method', function(done){
--- a/test/app.del.js
+++ b/test/app.del.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app.del()', function(){
  it('should alias app.delete()', function(done){
--- a/test/app.engine.js
+++ b/test/app.engine.js
@@ -61,5 +61,20 @@ describe('app', function(){
        done();
      })
    })
+    
+    it('should work "view engine" with leading "."', function(done){
+      var app = express();
+
+      app.set('views', __dirname + '/fixtures');
+      app.engine('.html', render);
+      app.set('view engine', '.html');
+      app.locals.user = { name: 'tobi' };
+
+      app.render('user', function(err, str){
+        if (err) return done(err);
+        str.should.equal('<p>tobi</p>');
+        done();
+      })
+    })
  })
 })
--- a/test/app.head.js
+++ b/test/app.head.js
@@ -1,7 +1,7 @@

-var express = require('../')
-  , request = require('./support/http')
-  , assert = require('assert');
+var express = require('../');
+var request = require('supertest');
+var assert = require('assert');

 describe('HEAD', function(){
  it('should default to GET', function(done){
@@ -16,6 +16,31 @@ describe('HEAD', function(){
    .head('/tobi')
    .expect(200, done);
  })
+
+  it('should output the same headers as GET requests', function(done){
+    var app = express();
+
+    app.get('/tobi', function(req, res){
+      // send() detects HEAD
+      res.send('tobi');
+    });
+
+    request(app)
+    .get('/tobi')
+    .expect(200, function(err, res){
+      if (err) return done(err);
+      var headers = res.headers;
+      request(app)
+      .get('/tobi')
+      .expect(200, function(err, res){
+        if (err) return done(err);
+        delete headers.date;
+        delete res.headers.date;
+        assert.deepEqual(res.headers, headers);
+        done();
+      });
+    });
+  })
 })

 describe('app.head()', function(){
--- a/test/app.js
+++ b/test/app.js
@@ -71,4 +71,13 @@ describe('in production', function(){
    app.enabled('view cache').should.be.true;
    process.env.NODE_ENV = 'test';
  })
-})
+})
+
+describe('without NODE_ENV', function(){
+  it('should default to development', function(){
+    process.env.NODE_ENV = '';
+    var app = express();
+    app.get('env').should.equal('development');
+    process.env.NODE_ENV = 'test';
+  })
+})
--- a/test/app.listen.js
+++ b/test/app.listen.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app.listen()', function(){
  it('should wrap with an HTTP server', function(done){
--- a/test/app.locals.js
+++ b/test/app.locals.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app', function(){
  describe('.locals(obj)', function(){
@@ -14,7 +14,7 @@ describe('app', function(){
      app.locals.age.should.equal(2);
    })
  })
-  
+
  describe('.locals.settings', function(){
    it('should expose app settings', function(){
      var app = express();
--- a/test/app.options.js
+++ b/test/app.options.js
@@ -0,0 +1,61 @@
+
+var express = require('../')
+  , request = require('supertest');
+
+describe('OPTIONS', function(){
+  it('should default to the routes defined', function(done){
+    var app = express();
+
+    app.del('/', function(){});
+    app.get('/users', function(req, res){});
+    app.put('/users', function(req, res){});
+
+    request(app)
+    .options('/users')
+    .expect('GET,PUT')
+    .expect('Allow', 'GET,PUT', done);
+  })
+
+  it('should not respond if the path is not defined', function(done){
+    var app = express();
+
+    app.get('/users', function(req, res){});
+
+    request(app)
+    .options('/other')
+    .expect(404, done);
+  })
+
+  it('should forward requests down the middleware chain', function(done){
+    var app = express();
+    var router = new express.Router();
+
+    router.get('/users', function(req, res){});
+    app.use(router.middleware);
+    app.get('/other', function(req, res){});
+
+    request(app)
+    .options('/other')
+    .expect('GET')
+    .expect('Allow', 'GET', done);
+  })
+})
+
+describe('app.options()', function(){
+  it('should override the default behavior', function(done){
+    var app = express();
+
+    app.options('/users', function(req, res){
+      res.set('Allow', 'GET');
+      res.send('GET');
+    });
+
+    app.get('/users', function(req, res){});
+    app.put('/users', function(req, res){});
+
+    request(app)
+    .options('/users')
+    .expect('GET')
+    .expect('Allow', 'GET', done);
+  })
+})
--- a/test/app.param.js
+++ b/test/app.param.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app', function(){
  describe('.param(fn)', function(){
@@ -8,7 +8,7 @@ describe('app', function(){
      var app = express();

      app.param(function(name, regexp){
-        if (regexp instanceof RegExp) {
+        if (Object.prototype.toString.call(regexp) == '[object RegExp]') { // See #1557
          return function(req, res, next, val){
            var captures;
            if (captures = regexp.exec(String(val))) {
@@ -37,6 +37,11 @@ describe('app', function(){
      });

    })
+
+    it('should fail if not given fn', function(){
+      var app = express();
+      app.param.bind(app, ':name', 'bob').should.throw();
+    })
  })

  describe('.param(names, fn)', function(){
@@ -52,13 +57,13 @@ describe('app', function(){

      app.get('/post/:id', function(req, res){
        var id = req.params.id;
-        id.should.be.a('number');
+        id.should.be.a.Number;
        res.send('' + id);
      });

      app.get('/user/:uid', function(req, res){
        var id = req.params.id;
-        id.should.be.a('number');
+        id.should.be.a.Number;
        res.send('' + id);
      });

@@ -87,7 +92,7 @@ describe('app', function(){

      app.get('/user/:id', function(req, res){
        var id = req.params.id;
-        id.should.be.a('number');
+        id.should.be.a.Number;
        res.send('' + id);
      });

@@ -95,5 +100,61 @@ describe('app', function(){
      .get('/user/123')
      .expect('123', done);
    })
+
+    it('should work with encoded values', function(done){
+      var app = express();
+
+      app.param('name', function(req, res, next, name){
+        req.params.name = name;
+        next();
+      });
+
+      app.get('/user/:name', function(req, res){
+        var name = req.params.name;
+        res.send('' + name);
+      });
+
+      request(app)
+      .get('/user/foo%25bar')
+      .expect('foo%bar', done);
+    })
+
+    it('should catch thrown error', function(done){
+      var app = express();
+
+      app.param('id', function(req, res, next, id){
+        throw new Error('err!');
+      });
+
+      app.get('/user/:id', function(req, res){
+        var id = req.params.id;
+        res.send('' + id);
+      });
+
+      request(app)
+      .get('/user/123')
+      .expect(500, done);
+    })
+
+    it('should defer to next route', function(done){
+      var app = express();
+
+      app.param('id', function(req, res, next, id){
+        next('route');
+      });
+
+      app.get('/user/:id', function(req, res){
+        var id = req.params.id;
+        res.send('' + id);
+      });
+
+      app.get('/:name/123', function(req, res){
+        res.send('name');
+      });
+
+      request(app)
+      .get('/user/123')
+      .expect('name', done);
+    })
  })
 })
--- a/test/app.render.js
+++ b/test/app.render.js
@@ -14,7 +14,7 @@ describe('app', function(){
        done();
      })
    })
-    
+
    it('should support absolute paths with "view engine"', function(done){
      var app = express();

@@ -40,7 +40,7 @@ describe('app', function(){
        done();
      })
    })
-    
+
    it('should support index.<engine>', function(done){
      var app = express();

@@ -54,12 +54,33 @@ describe('app', function(){
      })
    })

+    it('should handle render error throws', function(done){
+      var app = express();
+
+      function View(name, options){
+        this.name = name;
+        this.path = 'fale';
+      }
+
+      View.prototype.render = function(options, fn){
+        throw new Error('err!');
+      };
+
+      app.set('view', View);
+
+      app.render('something', function(err, str){
+        err.should.be.ok;
+        err.message.should.equal('err!');
+        done();
+      })
+    })
+
    describe('when the file does not exist', function(){
      it('should provide a helpful error', function(done){
        var app = express();
        app.set('views', __dirname + '/fixtures');
        app.render('rawr.jade', function(err){
-          err.message.should.equal('Failed to lookup view "rawr.jade"');
+          err.message.should.equal('Failed to lookup view "rawr.jade" in views directory "' + __dirname + '/fixtures"');
          done();
        });
      })
@@ -74,7 +95,7 @@ describe('app', function(){
        app.render('user.jade', function(err, str){
          // nextTick to prevent cyclic
          process.nextTick(function(){
-            err.message.should.match(/user is not defined/);
+            err.message.should.match(/Cannot read property 'name' of undefined/);
            done();
          });
        })
@@ -109,8 +130,93 @@ describe('app', function(){
        })
      })
    })
+
+    describe('when a "view" constructor is given', function(){
+      it('should create an instance of it', function(done){
+        var app = express();
+
+        function View(name, options){
+          this.name = name;
+          this.path = 'path is required by application.js as a signal of success even though it is not used there.';
+        }
+
+        View.prototype.render = function(options, fn){
+          fn(null, 'abstract engine');
+        };
+
+        app.set('view', View);
+
+        app.render('something', function(err, str){
+          if (err) return done(err);
+          str.should.equal('abstract engine');
+          done();
+        })
+      })
+    })
+
+    describe('caching', function(){
+      it('should always lookup view without cache', function(done){
+        var app = express();
+        var count = 0;
+
+        function View(name, options){
+          this.name = name;
+          this.path = 'fake';
+          count++;
+        }
+
+        View.prototype.render = function(options, fn){
+          fn(null, 'abstract engine');
+        };
+
+        app.set('view cache', false);
+        app.set('view', View);
+
+        app.render('something', function(err, str){
+          if (err) return done(err);
+          count.should.equal(1);
+          str.should.equal('abstract engine');
+          app.render('something', function(err, str){
+            if (err) return done(err);
+            count.should.equal(2);
+            str.should.equal('abstract engine');
+            done();
+          })
+        })
+      })
+
+      it('should cache with "view cache" setting', function(done){
+        var app = express();
+        var count = 0;
+
+        function View(name, options){
+          this.name = name;
+          this.path = 'fake';
+          count++;
+        }
+
+        View.prototype.render = function(options, fn){
+          fn(null, 'abstract engine');
+        };
+
+        app.set('view cache', true);
+        app.set('view', View);
+
+        app.render('something', function(err, str){
+          if (err) return done(err);
+          count.should.equal(1);
+          str.should.equal('abstract engine');
+          app.render('something', function(err, str){
+            if (err) return done(err);
+            count.should.equal(1);
+            str.should.equal('abstract engine');
+            done();
+          })
+        })
+      })
+    })
  })
-  
+
  describe('.render(name, options, fn)', function(){
    it('should render the template', function(done){
      var app = express();
@@ -125,7 +231,7 @@ describe('app', function(){
        done();
      })
    })
-    
+
    it('should expose app.locals', function(done){
      var app = express();

@@ -138,7 +244,7 @@ describe('app', function(){
        done();
      })
    })
-    
+
    it('should give precedence to app.render() locals', function(done){
      var app = express();

@@ -152,5 +258,37 @@ describe('app', function(){
        done();
      })
    })
+
+    describe('caching', function(){
+      it('should cache with cache option', function(done){
+        var app = express();
+        var count = 0;
+
+        function View(name, options){
+          this.name = name;
+          this.path = 'fake';
+          count++;
+        }
+
+        View.prototype.render = function(options, fn){
+          fn(null, 'abstract engine');
+        };
+
+        app.set('view cache', false);
+        app.set('view', View);
+
+        app.render('something', {cache: true}, function(err, str){
+          if (err) return done(err);
+          count.should.equal(1);
+          str.should.equal('abstract engine');
+          app.render('something', {cache: true}, function(err, str){
+            if (err) return done(err);
+            count.should.equal(1);
+            str.should.equal('abstract engine');
+            done();
+          })
+        })
+      })
+    })
  })
 })
--- a/test/app.request.js
+++ b/test/app.request.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app', function(){
  describe('.request', function(){
--- a/test/app.response.js
+++ b/test/app.response.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app', function(){
  describe('.response', function(){
@@ -19,7 +19,7 @@ describe('app', function(){
      .get('/')
      .expect('HEY', done);
    })
-    
+
    it('should not be influenced by other app protos', function(done){
      var app = express()
        , app2 = express();
@@ -27,7 +27,7 @@ describe('app', function(){
      app.response.shout = function(str){
        this.send(str.toUpperCase());
      };
-      
+
      app2.response.shout = function(str){
        this.send(str);
      };
--- a/test/app.router.js
+++ b/test/app.router.js
@@ -1,14 +1,15 @@

 var express = require('../')
-  , request = require('./support/http')
+  , request = require('supertest')
  , assert = require('assert')
  , methods = require('methods');

 describe('app.router', function(){
  describe('methods supported', function(){
-    methods.forEach(function(method){
+    methods.concat('del').forEach(function(method){
+      if (method === 'connect') return;
+
      it('should include ' + method.toUpperCase(), function(done){
-        if (method == 'delete') method = 'del';
        var app = express();
        var calls = [];

@@ -27,16 +28,54 @@ describe('app.router', function(){
    });
  })

-  it('should decode params', function(done){
-    var app = express();
+  describe('decode querystring', function(){
+    it('should decode correct params', function(done){
+      var app = express();

-    app.get('/:name', function(req, res, next){
-      res.send(req.params.name);
-    });
+      app.get('/:name', function(req, res, next){
+        res.send(req.params.name);
+      });

-    request(app)
-    .get('/foo%2Fbar')
-    .expect('foo/bar', done);
+      request(app)
+      .get('/foo%2Fbar')
+      .expect('foo/bar', done);
+    })
+
+    it('should not accept params in malformed paths', function(done) {
+      var app = express();
+
+      app.get('/:name', function(req, res, next){
+        res.send(req.params.name);
+      });
+
+      request(app)
+      .get('/%foobar')
+      .expect(400, done);
+    })
+
+    it('should not decode spaces', function(done) {
+      var app = express();
+
+      app.get('/:name', function(req, res, next){
+        res.send(req.params.name);
+      });
+
+      request(app)
+      .get('/foo+bar')
+      .expect('foo+bar', done);
+    })
+
+    it('should work with unicode', function(done) {
+      var app = express();
+
+      app.get('/:name', function(req, res, next){
+        res.send(req.params.name);
+      });
+
+      request(app)
+      .get('/%ce%b1')
+      .expect('\u03b1', done);
+    })
  })

  it('should be .use()able', function(done){
@@ -48,7 +87,7 @@ describe('app.router', function(){
      calls.push('before');
      next();
    });
-    
+
    app.use(app.router);

    app.use(function(req, res, next){
@@ -68,7 +107,7 @@ describe('app.router', function(){
      done();
    })
  })
-  
+
  it('should be auto .use()d on the first app.VERB() call', function(done){
    var app = express();

@@ -78,7 +117,7 @@ describe('app.router', function(){
      calls.push('before');
      next();
    });
-    
+
    app.get('/', function(req, res, next){
      calls.push('GET /')
      next();
@@ -109,13 +148,13 @@ describe('app.router', function(){
      .get('/user/12?foo=bar')
      .expect('user', done);
    })
-    
+
    it('should populate req.params with the captures', function(done){
      var app = express();

      app.get(/^\/user\/([0-9]+)\/(view|edit)?$/, function(req, res){
-        var id = req.params.shift()
-          , op = req.params.shift();
+        var id = req.params[0]
+          , op = req.params[1];
        res.end(op + 'ing user ' + id);
      });

@@ -124,24 +163,6 @@ describe('app.router', function(){
      .expect('editing user 10', done);
    })
  })
-  
-  describe('when given an array', function(){
-    it('should match all paths in the array', function(done){
-      var app = express();
-      
-      app.get(['/one', '/two'], function(req, res){
-        res.end('works');
-      });
-      
-      request(app)
-      .get('/one')
-      .expect('works', function() {
-        request(app)
-        .get('/two')
-        .expect('works', done);
-      });
-    })
-  })

  describe('case sensitivity', function(){
    it('should be disabled by default', function(done){
@@ -155,7 +176,7 @@ describe('app.router', function(){
      .get('/USER')
      .expect('tj', done);
    })
-    
+
    describe('when "case sensitive routing" is enabled', function(){
      it('should match identical casing', function(done){
        var app = express();
@@ -170,7 +191,7 @@ describe('app.router', function(){
        .get('/uSer')
        .expect('tj', done);
      })
-      
+
      it('should not match otherwise', function(done){
        var app = express();

@@ -199,7 +220,7 @@ describe('app.router', function(){
      .get('/user/')
      .expect('tj', done);
    })
-    
+
    describe('when "strict routing" is enabled', function(){
      it('should match trailing slashes', function(done){
        var app = express();
@@ -214,7 +235,7 @@ describe('app.router', function(){
        .get('/user/')
        .expect('tj', done);
      })
-      
+
      it('should match no slashes', function(done){
        var app = express();

@@ -228,7 +249,7 @@ describe('app.router', function(){
        .get('/user')
        .expect('tj', done);
      })
-      
+
      it('should fail when omitting the trailing slash', function(done){
        var app = express();

@@ -242,7 +263,7 @@ describe('app.router', function(){
        .get('/user')
        .expect(404, done);
      })
-      
+
      it('should fail when adding the trailing slash', function(done){
        var app = express();

@@ -275,7 +296,7 @@ describe('app.router', function(){
      .expect(404, done);
    });
  })
-  
+
  it('should allow literal "."', function(done){
    var app = express();

@@ -303,13 +324,13 @@ describe('app.router', function(){
      .get('/user/tj.json')
      .expect('tj', done);
    })
-    
+
    it('should work with several', function(done){
      var app = express();

      app.get('/api/*.*', function(req, res){
-        var resource = req.params.shift()
-          , format = req.params.shift();
+        var resource = req.params[0]
+          , format = req.params[1];
        res.end(resource + ' as ' + format);
      });

@@ -346,7 +367,7 @@ describe('app.router', function(){
      .get('/api/users/0.json')
      .expect('users/0.json', done);
    })
-    
+
    it('should not be greedy immediately after param', function(done){
      var app = express();

@@ -370,7 +391,7 @@ describe('app.router', function(){
      .get('/user/122/aaa')
      .expect('122', done);
    })
-    
+
    it('should span multiple segments', function(done){
      var app = express();

@@ -382,7 +403,7 @@ describe('app.router', function(){
      .get('/file/javascripts/jquery.js')
      .expect('javascripts/jquery.js', done);
    })
-    
+
    it('should be optional', function(done){
      var app = express();

@@ -394,7 +415,7 @@ describe('app.router', function(){
      .get('/file/')
      .expect('', done);
    })
-    
+
    it('should require a preceeding /', function(done){
      var app = express();

@@ -420,7 +441,7 @@ describe('app.router', function(){
      .get('/user/tj')
      .expect('tj', done);
    })
-    
+
    it('should match a single segment only', function(done){
      var app = express();

@@ -432,7 +453,7 @@ describe('app.router', function(){
      .get('/user/tj/edit')
      .expect(404, done);
    })
-    
+
    it('should allow several capture groups', function(done){
      var app = express();

@@ -459,7 +480,7 @@ describe('app.router', function(){
      .get('/user/tj')
      .expect('viewing tj', done);
    })
-    
+
    it('should populate the capture group', function(done){
      var app = express();

@@ -473,7 +494,7 @@ describe('app.router', function(){
      .expect('editing tj', done);
    })
  })
-  
+
  describe('.:name', function(){
    it('should denote a format', function(done){
      var app = express();
@@ -491,7 +512,7 @@ describe('app.router', function(){
      });
    })
  })
-  
+
  describe('.:name?', function(){
    it('should denote an optional format', function(done){
      var app = express();
@@ -509,7 +530,7 @@ describe('app.router', function(){
      });
    })
  })
-  
+
  describe('when next() is called', function(){
    it('should continue lookup', function(done){
      var app = express()
@@ -528,7 +549,7 @@ describe('app.router', function(){
        calls.push('/foo');
        next();
      });
-      
+
      app.get('/foo', function(req, res, next){
        calls.push('/foo 2');
        res.end('done');
@@ -542,7 +563,31 @@ describe('app.router', function(){
      })
    })
  })
-  
+
+  describe('when next("route") is called', function(){
+    it('should jump to next route', function(done){
+      var app = express()
+
+      function fn(req, res, next){
+        res.set('X-Hit', '1')
+        next('route')
+      }
+
+      app.get('/foo', fn, function(req, res, next){
+        res.end('failure')
+      });
+
+      app.get('/foo', function(req, res){
+        res.end('success')
+      })
+
+      request(app)
+      .get('/foo')
+      .expect('X-Hit', '1')
+      .expect(200, 'success', done)
+    })
+  })
+
  describe('when next(err) is called', function(){
    it('should break out of app.router', function(done){
      var app = express()
@@ -561,7 +606,7 @@ describe('app.router', function(){
        calls.push('/foo');
        next(new Error('fail'));
      });
-      
+
      app.get('/foo', function(req, res, next){
        assert(0);
      });
@@ -596,4 +641,9 @@ describe('app.router', function(){
    .get('/account/edit')
    .expect('editing user 12', done);
  })
+
+  it('should be chainable', function(){
+    var app = express();
+    app.get('/', function(){}).should.equal(app);
+  })
 })
--- a/test/app.routes.error.js
+++ b/test/app.routes.error.js
@@ -1,5 +1,5 @@
 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app', function(){
  describe('.VERB()', function(){
--- a/test/app.routes.js
+++ b/test/app.routes.js
@@ -1,7 +1,7 @@

 var express = require('../')
  , assert = require('assert')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app.routes', function(){
  it('should be initialized', function(){
--- a/test/app.use.js
+++ b/test/app.use.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app', function(){
  it('should emit "mount" when mounted', function(done){
@@ -23,7 +23,7 @@ describe('app', function(){
      blog.get('/blog', function(req, res){
        res.end('blog');
      });
-      
+
      app.use(blog);

      request(app)
--- a/test/config.js
+++ b/test/config.js
@@ -13,6 +13,29 @@ describe('config', function(){
      var app = express();
      app.set('foo', undefined).should.equal(app);
    })
+
+    describe('"etag"', function(){
+      it('should throw on bad value', function(){
+        var app = express()
+        app.set.bind(app, 'etag', 42).should.throw(/unknown value/)
+      })
+
+      it('should set "etag fn"', function(){
+        var app = express()
+        var fn = function(){}
+        app.set('etag', fn)
+        app.get('etag fn').should.equal(fn)
+      })
+    })
+
+    describe('"trust proxy"', function(){
+      it('should set "trust proxy fn"', function(){
+        var app = express()
+        var fn = function(){}
+        app.set('trust proxy', fn)
+        app.get('trust proxy fn').should.equal(fn)
+      })
+    })
  })

  describe('.get()', function(){
@@ -91,4 +114,4 @@ describe('config', function(){
      app.disabled('foo').should.be.false;
    })
  })
-})
+})
--- a/test/exports.js
+++ b/test/exports.js
@@ -1,13 +1,9 @@

-var express = require('../')
-  , request = require('./support/http')
-  , assert = require('assert');
+var express = require('../');
+var request = require('supertest');
+var assert = require('assert');

 describe('exports', function(){
-  it('should have .version', function(){
-    express.should.have.property('version');
-  })
-  
  it('should expose connect middleware', function(){
    express.should.have.property('bodyParser');
    express.should.have.property('session');
@@ -19,19 +15,19 @@ describe('exports', function(){
  })

  it('should expose Router', function(){
-    express.Router.should.be.a('function');
+    express.Router.should.be.a.Function;
  })
-  
+
  it('should expose the application prototype', function(){
-    express.application.set.should.be.a('function');
+    express.application.set.should.be.a.Function;
  })
-  
+
  it('should expose the request prototype', function(){
-    express.request.accepts.should.be.a('function');
+    express.request.accepts.should.be.a.Function;
  })
-  
+
  it('should expose the response prototype', function(){
-    express.response.send.should.be.a('function');
+    express.response.send.should.be.a.Function;
  })

  it('should permit modifying the .application prototype', function(){
@@ -51,7 +47,7 @@ describe('exports', function(){
    .get('/')
    .expect('bar', done);
  })
-  
+
  it('should permit modifying the .response prototype', function(done){
    express.response.foo = function(){ this.send('bar'); };
    var app = express();
--- a/test/fixtures/.name
+++ b/test/fixtures/.name
@@ -0,0 +1 @@
+tobi
--- a/test/fixtures/blog/index.html
+++ b/test/fixtures/blog/index.html
@@ -0,0 +1 @@
+<b>index</b>
--- a/test/middleware.basic.js
+++ b/test/middleware.basic.js
@@ -1,6 +1,6 @@
 // 
 // var express = require('../')
-//   , request = require('./support/http');
+//   , request = require('supertest');
 // 
 // describe('middleware', function(){
 //   describe('.next()', function(){
--- a/test/regression.js
+++ b/test/regression.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('throw after .end()', function(){
  it('should fail gracefully', function(done){
--- a/test/req.accepted.js
+++ b/test/req.accepted.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.accepted', function(){
--- a/test/req.acceptedCharsets.js
+++ b/test/req.acceptedCharsets.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.acceptedCharsets', function(){
--- a/Show More
+++ b/Show More