3.18.3

deps: should@~4.2.1
deps: connect@2.27.3
2026-02-26 18:57:43 +00:00 · 2014-11-09 18:35:34 -05:00 · 2014-11-09 18:33:17 -05:00 · 2014-11-09 18:32:43 -05:00 · 2014-10-29 01:10:45 -04:00 · 2014-10-29 01:08:36 -04:00
125 changed files with 2853 additions and 838 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -1,19 +1,26 @@
-coverage.html
-.DS_Store
-lib-cov
-*.seed
+# OS X
+.DS_Store*
+Icon?
+._*
+
+# Windows
+Thumbs.db
+ehthumbs.db
+Desktop.ini
+
+# Linux
+.directory
+*~
+
+
+# npm
+node_modules
 *.log
-*.csv
-*.dat
-*.out
-*.pid
-*.swp
-*.swo
+*.gz
+
+
+# Coveralls
+coverage
+
+# Benchmarking
 benchmarks/graphs
-testing
-node_modules/
-testing
-.coverage_data
-cover_html
-test.js
-.idea
--- a/.npmignore
+++ b/.npmignore
@@ -1,9 +0,0 @@
-.git*
-docs/
-examples/
-support/
-test/
-testing.js
-.DS_Store
-coverage.html
-lib-cov
--- a/.travis.yml
+++ b/.travis.yml
@@ -1,4 +1,11 @@
 language: node_js
 node_js:
  - "0.8"
-  - "0.10"
+  - "0.10"
+  - "0.11"
+matrix:
+  allow_failures:
+    - node_js: "0.11"
+  fast_finish: true
+script: "npm run-script test-travis"
+after_script: "npm install coveralls@2.10.0 && cat ./coverage/lcov.info | coveralls"
--- a/History.md
+++ b/History.md
@@ -1,17 +1,622 @@
-4.0.0 /
+3.18.3 / 2014-11-09
+===================
+
+  * deps: connect@2.27.3
+    - Correctly invoke async callback asynchronously
+    - deps: csurf@~1.6.3
+
+3.18.2 / 2014-10-28
+===================
+
+  * deps: connect@2.27.2
+    - Fix handling of URLs containing `://` in the path
+    - deps: body-parser@~1.9.2
+    - deps: qs@2.3.2
+
+3.18.1 / 2014-10-22
+===================
+
+  * Fix internal `utils.merge` deprecation warnings
+  * deps: connect@2.27.1
+    - deps: body-parser@~1.9.1
+    - deps: express-session@~1.9.1
+    - deps: finalhandler@0.3.2
+    - deps: morgan@~1.4.1
+    - deps: qs@2.3.0
+    - deps: serve-static@~1.7.1
+  * deps: send@0.10.1
+    - deps: on-finished@~2.1.1
+
+3.18.0 / 2014-10-17
+===================
+
+  * Use `content-disposition` module for `res.attachment`/`res.download`
+    - Sends standards-compliant `Content-Disposition` header
+    - Full Unicode support
+  * Use `etag` module to generate `ETag` headers
+  * deps: connect@2.27.0
+    - Use `http-errors` module for creating errors
+    - Use `utils-merge` module for merging objects
+    - deps: body-parser@~1.9.0
+    - deps: compression@~1.2.0
+    - deps: connect-timeout@~1.4.0
+    - deps: debug@~2.1.0
+    - deps: depd@~1.0.0
+    - deps: express-session@~1.9.0
+    - deps: finalhandler@0.3.1
+    - deps: method-override@~2.3.0
+    - deps: morgan@~1.4.0
+    - deps: response-time@~2.2.0
+    - deps: serve-favicon@~2.1.6
+    - deps: serve-index@~1.5.0
+    - deps: serve-static@~1.7.0
+  * deps: debug@~2.1.0
+    - Implement `DEBUG_FD` env variable support
+  * deps: depd@~1.0.0
+  * deps: send@0.10.0
+    - deps: debug@~2.1.0
+    - deps: depd@~1.0.0
+    - deps: etag@~1.5.0
+
+3.17.8 / 2014-10-15
+===================
+
+  * deps: connect@2.26.6
+    - deps: compression@~1.1.2
+    - deps: csurf@~1.6.2
+    - deps: errorhandler@~1.2.2
+
+3.17.7 / 2014-10-08
+===================
+
+  * deps: connect@2.26.5
+    - Fix accepting non-object arguments to `logger`
+    - deps: serve-static@~1.6.4
+
+3.17.6 / 2014-10-02
+===================
+
+  * deps: connect@2.26.4
+    - deps: morgan@~1.3.2
+    - deps: type-is@~1.5.2
+
+3.17.5 / 2014-09-24
+===================
+
+  * deps: connect@2.26.3
+    - deps: body-parser@~1.8.4
+    - deps: serve-favicon@~2.1.5
+    - deps: serve-static@~1.6.3
+  * deps: proxy-addr@~1.0.3
+    - Use `forwarded` npm module
+  * deps: send@0.9.3
+    - deps: etag@~1.4.0
+
+3.17.4 / 2014-09-19
+===================
+
+  * deps: connect@2.26.2
+    - deps: body-parser@~1.8.3
+    - deps: qs@2.2.4
+
+3.17.3 / 2014-09-18
+===================
+
+  * deps: proxy-addr@~1.0.2
+    - Fix a global leak when multiple subnets are trusted
+    - deps: ipaddr.js@0.1.3
+
+3.17.2 / 2014-09-15
+===================
+
+  * Use `crc` instead of `buffer-crc32` for speed
+  * deps: connect@2.26.1
+    - deps: body-parser@~1.8.2
+    - deps: depd@0.4.5
+    - deps: express-session@~1.8.2
+    - deps: morgan@~1.3.1
+    - deps: serve-favicon@~2.1.3
+    - deps: serve-static@~1.6.2
+  * deps: depd@0.4.5
+  * deps: send@0.9.2
+    - deps: depd@0.4.5
+    - deps: etag@~1.3.1
+    - deps: range-parser@~1.0.2
+
+3.17.1 / 2014-09-08
+===================
+
+  * Fix error in `req.subdomains` on empty host
+
+3.17.0 / 2014-09-08
+===================
+
+  * Support IP address host in `req.subdomains`
+  * deps: connect@2.26.0
+    - deps: body-parser@~1.8.1
+    - deps: compression@~1.1.0
+    - deps: connect-timeout@~1.3.0
+    - deps: cookie-parser@~1.3.3
+    - deps: cookie-signature@1.0.5
+    - deps: csurf@~1.6.1
+    - deps: debug@~2.0.0
+    - deps: errorhandler@~1.2.0
+    - deps: express-session@~1.8.1
+    - deps: finalhandler@0.2.0
+    - deps: fresh@0.2.4
+    - deps: media-typer@0.3.0
+    - deps: method-override@~2.2.0
+    - deps: morgan@~1.3.0
+    - deps: qs@2.2.3
+    - deps: serve-favicon@~2.1.3
+    - deps: serve-index@~1.2.1
+    - deps: serve-static@~1.6.1
+    - deps: type-is@~1.5.1
+    - deps: vhost@~3.0.0
+  * deps: cookie-signature@1.0.5
+  * deps: debug@~2.0.0
+  * deps: fresh@0.2.4
+  * deps: media-typer@0.3.0
+    - Throw error when parameter format invalid on parse
+  * deps: range-parser@~1.0.2
+  * deps: send@0.9.1
+    - Add `lastModified` option
+    - Use `etag` to generate `ETag` header
+    - deps: debug@~2.0.0
+    - deps: fresh@0.2.4
+  * deps: vary@~1.0.0
+    - Accept valid `Vary` header string as `field`
+
+3.16.10 / 2014-09-04
+====================
+
+  * deps: connect@2.25.10
+    - deps: serve-static@~1.5.4
+  * deps: send@0.8.5
+    - Fix a path traversal issue when using `root`
+    - Fix malicious path detection for empty string path
+
+3.16.9 / 2014-08-29
+===================
+
+  * deps: connect@2.25.9
+    - deps: body-parser@~1.6.7
+    - deps: qs@2.2.2
+
+3.16.8 / 2014-08-27
+===================
+
+  * deps: connect@2.25.8
+    - deps: body-parser@~1.6.6
+    - deps: csurf@~1.4.1
+    - deps: qs@2.2.0
+
+3.16.7 / 2014-08-18
+===================
+
+  * deps: connect@2.25.7
+    - deps: body-parser@~1.6.5
+    - deps: express-session@~1.7.6
+    - deps: morgan@~1.2.3
+    - deps: serve-static@~1.5.3
+  * deps: send@0.8.3
+    - deps: destroy@1.0.3
+    - deps: on-finished@2.1.0
+
+3.16.6 / 2014-08-14
+===================
+
+  * deps: connect@2.25.6
+    - deps: body-parser@~1.6.4
+    - deps: qs@1.2.2
+    - deps: serve-static@~1.5.2
+  * deps: send@0.8.2
+    - Work around `fd` leak in Node.js 0.10 for `fs.ReadStream`
+
+3.16.5 / 2014-08-11
+===================
+
+  * deps: connect@2.25.5
+    - Fix backwards compatibility in `logger`
+
+3.16.4 / 2014-08-10
+===================
+
+  * Fix original URL parsing in `res.location`
+  * deps: connect@2.25.4
+    - Fix `query` middleware breaking with argument
+    - deps: body-parser@~1.6.3
+    - deps: compression@~1.0.11
+    - deps: connect-timeout@~1.2.2
+    - deps: express-session@~1.7.5
+    - deps: method-override@~2.1.3
+    - deps: on-headers@~1.0.0
+    - deps: parseurl@~1.3.0
+    - deps: qs@1.2.1
+    - deps: response-time@~2.0.1
+    - deps: serve-index@~1.1.6
+    - deps: serve-static@~1.5.1
+  * deps: parseurl@~1.3.0
+
+3.16.3 / 2014-08-07
+===================
+
+  * deps: connect@2.25.3
+    - deps: multiparty@3.3.2
+
+3.16.2 / 2014-08-07
+===================
+
+  * deps: connect@2.25.2
+    - deps: body-parser@~1.6.2
+    - deps: qs@1.2.0
+
+3.16.1 / 2014-08-06
+===================
+
+  * deps: connect@2.25.1
+    - deps: body-parser@~1.6.1
+    - deps: qs@1.1.0
+
+3.16.0 / 2014-08-05
+===================
+
+  * deps: connect@2.25.0
+    - deps: body-parser@~1.6.0
+    - deps: compression@~1.0.10
+    - deps: csurf@~1.4.0
+    - deps: express-session@~1.7.4
+    - deps: qs@1.0.2
+    - deps: serve-static@~1.5.0
+  * deps: send@0.8.1
+    - Add `extensions` option
+
+3.15.3 / 2014-08-04
+===================
+
+  * fix `res.sendfile` regression for serving directory index files
+  * deps: connect@2.24.3
+    - deps: serve-index@~1.1.5
+    - deps: serve-static@~1.4.4
+  * deps: send@0.7.4
+    - Fix incorrect 403 on Windows and Node.js 0.11
+    - Fix serving index files without root dir
+
+3.15.2 / 2014-07-27
+===================
+
+  * deps: connect@2.24.2
+    - deps: body-parser@~1.5.2
+    - deps: depd@0.4.4
+    - deps: express-session@~1.7.2
+    - deps: morgan@~1.2.2
+    - deps: serve-static@~1.4.2
+  * deps: depd@0.4.4
+    - Work-around v8 generating empty stack traces
+  * deps: send@0.7.2
+    - deps: depd@0.4.4
+
+3.15.1 / 2014-07-26
+===================
+
+  * deps: connect@2.24.1
+    - deps: body-parser@~1.5.1
+    - deps: depd@0.4.3
+    - deps: express-session@~1.7.1
+    - deps: morgan@~1.2.1
+    - deps: serve-index@~1.1.4
+    - deps: serve-static@~1.4.1
+  * deps: depd@0.4.3
+    - Fix exception when global `Error.stackTraceLimit` is too low
+  * deps: send@0.7.1
+    - deps: depd@0.4.3
+
+3.15.0 / 2014-07-22
+===================
+
+  * Fix `req.protocol` for proxy-direct connections
+  * Pass options from `res.sendfile` to `send`
+  * deps: connect@2.24.0
+    - deps: body-parser@~1.5.0
+    - deps: compression@~1.0.9
+    - deps: connect-timeout@~1.2.1
+    - deps: debug@1.0.4
+    - deps: depd@0.4.2
+    - deps: express-session@~1.7.0
+    - deps: finalhandler@0.1.0
+    - deps: method-override@~2.1.2
+    - deps: morgan@~1.2.0
+    - deps: multiparty@3.3.1
+    - deps: parseurl@~1.2.0
+    - deps: serve-static@~1.4.0
+  * deps: debug@1.0.4
+  * deps: depd@0.4.2
+    - Add `TRACE_DEPRECATION` environment variable
+    - Remove non-standard grey color from color output
+    - Support `--no-deprecation` argument
+    - Support `--trace-deprecation` argument
+  * deps: parseurl@~1.2.0
+    - Cache URLs based on original value
+    - Remove no-longer-needed URL mis-parse work-around
+    - Simplify the "fast-path" `RegExp`
+  * deps: send@0.7.0
+    - Add `dotfiles` option
+    - Cap `maxAge` value to 1 year
+    - deps: debug@1.0.4
+    - deps: depd@0.4.2
+
+3.14.0 / 2014-07-11
+===================
+
+ * add explicit "Rosetta Flash JSONP abuse" protection
+   - previous versions are not vulnerable; this is just explicit protection
+ * deprecate `res.redirect(url, status)` -- use `res.redirect(status, url)` instead
+ * fix `res.send(status, num)` to send `num` as json (not error)
+ * remove unnecessary escaping when `res.jsonp` returns JSON response
+ * deps: basic-auth@1.0.0
+   - support empty password
+   - support empty username
+ * deps: connect@2.23.0
+   - deps: debug@1.0.3
+   - deps: express-session@~1.6.4
+   - deps: method-override@~2.1.0
+   - deps: parseurl@~1.1.3
+   - deps: serve-static@~1.3.1
+  * deps: debug@1.0.3
+    - Add support for multiple wildcards in namespaces
+  * deps: methods@1.1.0
+    - add `CONNECT`
+  * deps: parseurl@~1.1.3
+    - faster parsing of href-only URLs
+
+3.13.0 / 2014-07-03
+===================
+
+ * add deprecation message to `app.configure`
+ * add deprecation message to `req.auth`
+ * use `basic-auth` to parse `Authorization` header
+ * deps: connect@2.22.0
+   - deps: csurf@~1.3.0
+   - deps: express-session@~1.6.1
+   - deps: multiparty@3.3.0
+   - deps: serve-static@~1.3.0
+ * deps: send@0.5.0
+   - Accept string for `maxage` (converted by `ms`)
+   - Include link in default redirect response
+
+3.12.1 / 2014-06-26
+===================
+
+ * deps: connect@2.21.1
+   - deps: cookie-parser@1.3.2
+   - deps: cookie-signature@1.0.4
+   - deps: express-session@~1.5.2
+   - deps: type-is@~1.3.2
+ * deps: cookie-signature@1.0.4
+   - fix for timing attacks
+
+3.12.0 / 2014-06-21
+===================
+
+ * use `media-typer` to alter content-type charset
+ * deps: connect@2.21.0
+   - deprecate `connect(middleware)` -- use `app.use(middleware)` instead
+   - deprecate `connect.createServer()` -- use `connect()` instead
+   - fix `res.setHeader()` patch to work with with get -> append -> set pattern
+   - deps: compression@~1.0.8
+   - deps: errorhandler@~1.1.1
+   - deps: express-session@~1.5.0
+   - deps: serve-index@~1.1.3
+
+3.11.0 / 2014-06-19
+===================
+
+ * deprecate things with `depd` module
+ * deps: buffer-crc32@0.2.3
+ * deps: connect@2.20.2
+   - deprecate `verify` option to `json` -- use `body-parser` npm module instead
+   - deprecate `verify` option to `urlencoded` -- use `body-parser` npm module instead
+   - deprecate things with `depd` module
+   - use `finalhandler` for final response handling
+   - use `media-typer` to parse `content-type` for charset
+   - deps: body-parser@1.4.3
+   - deps: connect-timeout@1.1.1
+   - deps: cookie-parser@1.3.1
+   - deps: csurf@1.2.2
+   - deps: errorhandler@1.1.0
+   - deps: express-session@1.4.0
+   - deps: multiparty@3.2.9
+   - deps: serve-index@1.1.2
+   - deps: type-is@1.3.1
+   - deps: vhost@2.0.0
+
+3.10.5 / 2014-06-11
+===================
+
+ * deps: connect@2.19.6
+   - deps: body-parser@1.3.1
+   - deps: compression@1.0.7
+   - deps: debug@1.0.2
+   - deps: serve-index@1.1.1
+   - deps: serve-static@1.2.3
+ * deps: debug@1.0.2
+ * deps: send@0.4.3
+   - Do not throw un-catchable error on file open race condition
+   - Use `escape-html` for HTML escaping
+   - deps: debug@1.0.2
+   - deps: finished@1.2.2
+   - deps: fresh@0.2.2
+
+3.10.4 / 2014-06-09
+===================
+
+ * deps: connect@2.19.5
+   - fix "event emitter leak" warnings
+   - deps: csurf@1.2.1
+   - deps: debug@1.0.1
+   - deps: serve-static@1.2.2
+   - deps: type-is@1.2.1
+ * deps: debug@1.0.1
+ * deps: send@0.4.2
+   - fix "event emitter leak" warnings
+   - deps: finished@1.2.1
+   - deps: debug@1.0.1
+
+3.10.3 / 2014-06-05
+===================
+
+ * use `vary` module for `res.vary`
+ * deps: connect@2.19.4
+   - deps: errorhandler@1.0.2
+   - deps: method-override@2.0.2
+   - deps: serve-favicon@2.0.1
+ * deps: debug@1.0.0
+
+3.10.2 / 2014-06-03
+===================
+
+ * deps: connect@2.19.3
+   - deps: compression@1.0.6
+
+3.10.1 / 2014-06-03
+===================
+
+ * deps: connect@2.19.2
+   - deps: compression@1.0.4
+ * deps: proxy-addr@1.0.1
+
+3.10.0 / 2014-06-02
+===================
+
+ * deps: connect@2.19.1
+   - deprecate `methodOverride()` -- use `method-override` npm module instead
+   - deps: body-parser@1.3.0
+   - deps: method-override@2.0.1
+   - deps: multiparty@3.2.8
+   - deps: response-time@2.0.0
+   - deps: serve-static@1.2.1
+ * deps: methods@1.0.1
+ * deps: send@0.4.1
+   - Send `max-age` in `Cache-Control` in correct format
+
+3.9.0 / 2014-05-30
 ==================

- * remove:
-   - express(1) - moved to [express-generator](https://github.com/expressjs/generator)
-   - `req.accepted*` - use `req.accepts*()` instead
-   - `app.configure` - use logic in your own app code
- * change:
-   - `req.accepts*` -> `req.accepts*s` - i.e. `req.acceptsEncoding` -> `req.acceptsEncodings`
-   - `req.params` is now an object instead of an array
-   - `json spaces` no longer enabled by default in development
- * refactor:
-   - `req.accepts*` with [accepts](https://github.com/expressjs/accepts)
-   - `req.is` with [type-is](https://github.com/expressjs/type-is)
+ * custom etag control with `app.set('etag', val)`
+   - `app.set('etag', function(body, encoding){ return '"etag"' })` custom etag generation
+   - `app.set('etag', 'weak')` weak tag
+   - `app.set('etag', 'strong')` strong etag
+   - `app.set('etag', false)` turn off
+   - `app.set('etag', true)` standard etag
+ * Include ETag in HEAD requests
+ * mark `res.send` ETag as weak and reduce collisions
+ * update connect to 2.18.0
+   - deps: compression@1.0.3
+   - deps: serve-index@1.1.0
+   - deps: serve-static@1.2.0
+ * update send to 0.4.0
+   - Calculate ETag with md5 for reduced collisions
+   - Ignore stream errors after request ends
+   - deps: debug@0.8.1
+
+3.8.1 / 2014-05-27
+==================
+
+ * update connect to 2.17.3
+   - deps: body-parser@1.2.2
+   - deps: express-session@1.2.1
+   - deps: method-override@1.0.2
+
+3.8.0 / 2014-05-21
+==================
+
+ * keep previous `Content-Type` for `res.jsonp`
+ * set proper `charset` in `Content-Type` for `res.send`
+ * update connect to 2.17.1
+   - fix `res.charset` appending charset when `content-type` has one
+   - deps: express-session@1.2.0
+   - deps: morgan@1.1.1
+   - deps: serve-index@1.0.3
+
+3.7.0 / 2014-05-18
+==================
+
+ * proper proxy trust with `app.set('trust proxy', trust)`
+   - `app.set('trust proxy', 1)` trust first hop
+   - `app.set('trust proxy', 'loopback')` trust loopback addresses
+   - `app.set('trust proxy', '10.0.0.1')` trust single IP
+   - `app.set('trust proxy', '10.0.0.1/16')` trust subnet
+   - `app.set('trust proxy', '10.0.0.1, 10.0.0.2')` trust list
+   - `app.set('trust proxy', false)` turn off
+   - `app.set('trust proxy', true)` trust everything
+ * update connect to 2.16.2
+   - deprecate `res.headerSent` -- use `res.headersSent`
+   - deprecate `res.on("header")` -- use on-headers module instead
+   - fix edge-case in `res.appendHeader` that would append in wrong order
+   - json: use body-parser
+   - urlencoded: use body-parser
+   - dep: bytes@1.0.0
+   - dep: cookie-parser@1.1.0
+   - dep: csurf@1.2.0
+   - dep: express-session@1.1.0
+   - dep: method-override@1.0.1
+
+3.6.0 / 2014-05-09
+==================
+
+ * deprecate `app.del()` -- use `app.delete()` instead
+ * deprecate `res.json(obj, status)` -- use `res.json(status, obj)` instead
+   - the edge-case `res.json(status, num)` requires `res.status(status).json(num)`
+ * deprecate `res.jsonp(obj, status)` -- use `res.jsonp(status, obj)` instead
+   - the edge-case `res.jsonp(status, num)` requires `res.status(status).jsonp(num)`
+ * support PURGE method
+   - add `app.purge`
+   - add `router.purge`
+   - include PURGE in `app.all`
+ * update connect to 2.15.0
+   * Add `res.appendHeader`
+   * Call error stack even when response has been sent
+   * Patch `res.headerSent` to return Boolean
+   * Patch `res.headersSent` for node.js 0.8
+   * Prevent default 404 handler after response sent
+   * dep: compression@1.0.2
+   * dep: connect-timeout@1.1.0
+   * dep: debug@^0.8.0
+   * dep: errorhandler@1.0.1
+   * dep: express-session@1.0.4
+   * dep: morgan@1.0.1
+   * dep: serve-favicon@2.0.0
+   * dep: serve-index@1.0.2
+ * update debug to 0.8.0
+   * add `enable()` method
+   * change from stderr to stdout
+ * update methods to 1.0.0
+   - add PURGE
+ * update mkdirp to 0.5.0
+
+3.5.3 / 2014-05-08
+==================
+
+ * fix `req.host` for IPv6 literals
+ * fix `res.jsonp` error if callback param is object
+
+3.5.2 / 2014-04-24
+==================
+
+ * update connect to 2.14.5
+ * update cookie to 0.1.2
+ * update mkdirp to 0.4.0
+ * update send to 0.3.0
+
+3.5.1 / 2014-03-25
+==================
+
+ * pin less-middleware in generated app
+
+3.5.0 / 2014-03-06
+==================
+
+ * bump deps

 3.4.8 / 2014-01-13
 ==================
--- a/34
+++ b/34
@@ -1,34 +0,0 @@
-
-MOCHA_OPTS= --check-leaks
-REPORTER = dot
-
-check: test
-
-test: test-unit test-acceptance
-
-test-unit:
-	@NODE_ENV=test ./node_modules/.bin/mocha \
-		--reporter $(REPORTER) \
-		--globals setImmediate,clearImmediate \
-		$(MOCHA_OPTS)
-
-test-acceptance:
-	@NODE_ENV=test ./node_modules/.bin/mocha \
-		--reporter $(REPORTER) \
-		--bail \
-		test/acceptance/*.js
-
-test-cov: lib-cov
-	@EXPRESS_COV=1 $(MAKE) test REPORTER=html-cov > coverage.html
-
-lib-cov:
-	@jscoverage lib lib-cov
-
-bench:
-	@$(MAKE) -C benchmarks
-
-clean:
-	rm -f coverage.html
-	rm -fr lib-cov
-
-.PHONY: test test-unit test-acceptance bench clean
--- a/Readme.md
+++ b/Readme.md
@@ -2,7 +2,10 @@

  Fast, unopinionated, minimalist web framework for [node](http://nodejs.org).

-  [![Build Status](https://secure.travis-ci.org/visionmedia/express.png)](http://travis-ci.org/visionmedia/express) [![Gittip](http://img.shields.io/gittip/visionmedia.png)](https://www.gittip.com/visionmedia/)
+  [![NPM version](https://img.shields.io/npm/v/express.svg?style=flat)](https://www.npmjs.org/package/express)
+  [![Build Status](https://img.shields.io/travis/strongloop/express.svg?style=flat)](https://travis-ci.org/strongloop/express)
+  [![Coverage Status](https://img.shields.io/coveralls/strongloop/express.svg?style=flat)](https://coveralls.io/r/strongloop/express)
+  [![Gittip](https://img.shields.io/gittip/dougwilson.svg?style=flat)](https://www.gittip.com/dougwilson/)

 ```js
 var express = require('express');
@@ -62,11 +65,11 @@ app.listen(3000);

 ## More Information

-  * [Website and Documentation](http://expressjs.com/) stored at [visionmedia/expressjs.com](https://github.com/visionmedia/expressjs.com)
+  * [Website and Documentation](http://expressjs.com/) stored at [strongloop/expressjs.com](https://github.com/strongloop/expressjs.com)
  * Join #express on freenode
  * [Google Group](http://groups.google.com/group/express-js) for discussion
  * Follow [tjholowaychuk](http://twitter.com/tjholowaychuk) on twitter for updates
-  * Visit the [Wiki](http://github.com/visionmedia/express/wiki)
+  * Visit the [Wiki](http://github.com/strongloop/express/wiki)
  * [Русскоязычная документация](http://jsman.ru/express/)
  * Run express examples [online](https://runnable.com/express)

@@ -74,7 +77,7 @@ app.listen(3000);

 Clone the Express repo, then install the dev dependencies to install all the example / test suite dependencies:

-    $ git clone git://github.com/visionmedia/express.git --depth 1
+    $ git clone git://github.com/strongloop/express.git --depth 1
    $ cd express
    $ npm install

@@ -94,11 +97,13 @@ To run the test suite, first invoke the following command within the repo, insta

 Then run the tests:

-    $ make test
+```sh
+$ npm test
+```

 ## Contributors

-  https://github.com/visionmedia/express/graphs/contributors
+  https://github.com/strongloop/express/graphs/contributors

 ## License

--- a/bin/express
+++ b/bin/express
@@ -335,7 +335,7 @@ function createApplicationAt(path) {

    // Session support
    app = app.replace('{sess}', program.sessions
-      ? eol + 'app.use(express.cookieParser(\'your secret here\'));' + eol + 'app.use(express.session());'
+      ? eol + 'app.use(express.session({ secret: \'your secret here\' }));'
      : '');

    // Template support
@@ -357,7 +357,7 @@ function createApplicationAt(path) {
    // CSS Engine support
    switch (program.css) {
      case 'less':
-        pkg.dependencies['less-middleware'] = '*';
+        pkg.dependencies['less-middleware'] = '~0.1.15';
        break;
      default:
        if (program.css) {
--- a/examples/auth/app.js
+++ b/examples/auth/app.js
@@ -14,9 +14,8 @@ app.set('views', __dirname + '/views');

 // middleware

-app.use(express.bodyParser());
-app.use(express.cookieParser('shhhh, very secret'));
-app.use(express.session());
+app.use(express.urlencoded({ extended: false }));
+app.use(express.session({ secret: 'shhhh, very secret' }));

 // Session-persisted message middleware

@@ -118,6 +117,7 @@ app.post('/login', function(req, res){
  });
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
--- a/examples/big-view/index.js
+++ b/examples/big-view/index.js
@@ -20,5 +20,8 @@ app.get('/', function(req, res){
  res.render('pets', { pets: pets });
 });

-app.listen(3000);
-console.log('Express listening on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/content-negotiation/index.js
+++ b/examples/content-negotiation/index.js
@@ -37,7 +37,8 @@ function format(path) {

 app.get('/users', format('./users'));

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
-  console.log('listening on port 3000');
+  console.log('Express started on port 3000');
 }
--- a/examples/cookie-sessions/index.js
+++ b/examples/cookie-sessions/index.js
@@ -26,7 +26,8 @@ function count(req, res) {
  res.send('viewed ' + n + ' times\n');
 }

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
-  console.log('Express server listening on port 3000');
-}
+  console.log('Express started on port 3000');
+}
--- a/examples/cookies/app.js
+++ b/examples/cookies/app.js
@@ -15,8 +15,7 @@ var express = require('../../')
 app.use(express.favicon());

 // custom log format
-if ('test' != process.env.NODE_ENV)
-  app.use(express.logger(':method :url'));
+if ('test' != process.env.NODE_ENV) app.use(express.logger(':method :url'));

 // parses request cookies, populating
 // req.cookies and req.signedCookies
@@ -48,7 +47,8 @@ app.post('/', function(req, res){
  res.redirect('back');
 });

-if (!module.parent){
+/* istanbul ignore next */
+if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
--- a/examples/downloads/app.js
+++ b/examples/downloads/app.js
@@ -38,7 +38,8 @@ app.use(function(err, req, res, next){
  }
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
--- a/examples/ejs/index.js
+++ b/examples/ejs/index.js
@@ -44,7 +44,8 @@ app.get('/', function(req, res){
  });
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
-  console.log('Express app started on port 3000');
+  console.log('Express started on port 3000');
 }
--- a/examples/error-pages/index.js
+++ b/examples/error-pages/index.js
@@ -17,9 +17,7 @@ app.enable('verbose errors');

 // disable them in production
 // use $ NODE_ENV=production node examples/error-pages
-if ('production' == app.settings.env) {
-  app.disable('verbose errors');
-}
+if ('production' == app.settings.env) app.disable('verbose errors');

 app.use(express.favicon());

@@ -106,7 +104,8 @@ app.get('/500', function(req, res, next){
  next(new Error('keyboard cat!'));
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
-  silent || console.log('Express started on port 3000');
-}
+  console.log('Express started on port 3000');
+}
--- a/examples/error/index.js
+++ b/examples/error/index.js
@@ -42,7 +42,8 @@ app.get('/next', function(req, res, next){
  });
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
--- a/examples/expose-data-to-client/index.js
+++ b/examples/expose-data-to-client/index.js
@@ -56,5 +56,8 @@ app.get('/user', function(req, res){
  res.render('page');
 });

-app.listen(3000);
-console.log('app listening on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/hello-world/index.js
+++ b/examples/hello-world/index.js
@@ -7,5 +7,8 @@ app.get('/', function(req, res){
  res.send('Hello World');
 });

-app.listen(3000);
-console.log('Express started on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/jade/index.js
+++ b/examples/jade/index.js
@@ -41,5 +41,8 @@ app.get('/', function(req, res){
  res.render('users', { users: users });
 });

-app.listen(3000);
-console.log('Express app started on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/markdown/index.js
+++ b/examples/markdown/index.js
@@ -39,6 +39,7 @@ app.get('/fail', function(req, res){
  res.render('missing', { title: 'Markdown Example' });
 })

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
--- a/examples/multipart/index.js
+++ b/examples/multipart/index.js
@@ -30,7 +30,8 @@ app.post('/', function(req, res, next){
    , req.body.title));
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
--- a/examples/mvc/controllers/pet/index.js
+++ b/examples/mvc/controllers/pet/index.js
@@ -20,7 +20,7 @@ exports.edit = function(req, res, next){

 exports.update = function(req, res, next){
  var body = req.body;
-  req.pet.name = body.user.name;
+  req.pet.name = body.pet.name;
  res.message('Information updated!');
  res.redirect('/pet/' + req.pet.id);
 };
--- a/examples/mvc/index.js
+++ b/examples/mvc/index.js
@@ -31,11 +31,10 @@ if (!module.parent) app.use(express.logger('dev'));
 app.use(express.static(__dirname + '/public'));

 // session support
-app.use(express.cookieParser('some secret here'));
-app.use(express.session());
+app.use(express.session({ secret: 'some secret here' }));

 // parse request bodies (req.body)
-app.use(express.bodyParser());
+app.use(express.urlencoded({ extended: true }));

 // support _method (PUT in forms etc)
 app.use(express.methodOverride());
@@ -86,7 +85,8 @@ app.use(function(req, res, next){
  res.status(404).render('404', { url: req.originalUrl });
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
-  console.log('\n  listening on port 3000\n');
+  console.log('Express started on port 3000');
 }
--- a/examples/online/index.js
+++ b/examples/online/index.js
@@ -50,5 +50,8 @@ app.get('/', function(req, res, next){
  });
 });

-app.listen(3000);
-console.log('listening on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/params/app.js
+++ b/examples/params/app.js
@@ -19,8 +19,8 @@ var users = [
 // Convert :to and :from to integers

 app.param(['to', 'from'], function(req, res, next, num, name){ 
-  req.params[name] = num = parseInt(num, 10);
-  if( isNaN(num) ){
+  req.params[name] = parseInt(num, 10);
+  if( isNaN(req.params[name]) ){
    next(new Error('failed to parseInt '+num));
  } else {
    next();
@@ -64,7 +64,8 @@ app.get('/users/:from-:to', function(req, res, next){
  res.send('users ' + names.slice(from, to).join(', '));
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
--- a/examples/resource/app.js
+++ b/examples/resource/app.js
@@ -18,7 +18,10 @@ app.resource = function(path, obj) {
    obj.range(req, res, a, b, format);
  });
  this.get(path + '/:id', obj.show);
-  this.del(path + '/:id', obj.destroy);
+  this.delete(path + '/:id', function(req, res){
+    var id = parseInt(req.params.id, 10);
+    obj.destroy(req, res, id);
+  });
 };

 // Fake records
@@ -41,8 +44,7 @@ var User = {
  show: function(req, res){
    res.send(users[req.params.id] || { error: 'Cannot find user' });
  },
-  destroy: function(req, res){
-    var id = req.params.id;
+  destroy: function(req, res, id){
    var destroyed = id in users;
    delete users[id];
    res.send(destroyed ? 'destroyed' : 'Cannot find user');
@@ -85,7 +87,8 @@ app.get('/', function(req, res){
  ].join('\n')); 
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
-}
+}
--- a/examples/route-map/index.js
+++ b/examples/route-map/index.js
@@ -29,7 +29,7 @@ var users = {
    res.send('user ' + req.params.uid);
  },

-  del: function(req, res){
+  delete: function(req, res){
    res.send('delete users');
  }
 };
@@ -39,7 +39,7 @@ var pets = {
    res.send('user ' + req.params.uid + '\'s pets');
  },

-  del: function(req, res){
+  delete: function(req, res){
    res.send('delete ' + req.params.uid + '\'s pet ' + req.params.pid);
  }
 };
@@ -47,17 +47,21 @@ var pets = {
 app.map({
  '/users': {
    get: users.list,
-    del: users.del,
+    delete: users.delete,
    '/:uid': {
      get: users.get,
      '/pets': {
        get: pets.list,
        '/:pid': {
-          del: pets.del
+          delete: pets.delete
        }
      }
    }
  }
 });

-app.listen(3000);
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/route-middleware/index.js
+++ b/examples/route-middleware/index.js
@@ -77,9 +77,12 @@ app.get('/user/:id/edit', loadUser, andRestrictToSelf, function(req, res){
  res.send('Editing user ' + req.user.name);
 });

-app.del('/user/:id', loadUser, andRestrictTo('admin'), function(req, res){
+app.delete('/user/:id', loadUser, andRestrictTo('admin'), function(req, res){
  res.send('Deleted user ' + req.user.name);
 });

-app.listen(3000);
-console.log('Express app started on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/route-separation/index.js
+++ b/examples/route-separation/index.js
@@ -36,5 +36,8 @@ app.put('/user/:id/edit', user.update);

 app.get('/posts', post.list);

-app.listen(3000);
-console.log('Express app started on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/search/index.js
+++ b/examples/search/index.js
@@ -57,5 +57,8 @@ app.get('/client.js', function(req, res){
  res.sendfile(__dirname + '/client.js');
 });

-app.listen(3000);
-console.log('app listening on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/session/index.js
+++ b/examples/session/index.js
@@ -9,13 +9,8 @@ var app = express();

 app.use(express.logger('dev'));

-// Required by session() middleware
-// pass the secret for signed cookies
-// (required by session())
-app.use(express.cookieParser('keyboard cat'));
-
 // Populates req.session
-app.use(express.session());
+app.use(express.session({ secret: 'keyboard cat' }));

 app.get('/', function(req, res){
  var body = '';
@@ -28,5 +23,8 @@ app.get('/', function(req, res){
  res.send(body + '<p>viewed <strong>' + req.session.views + '</strong> times.</p>');
 });

-app.listen(3000);
-console.log('Express app started on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/session/redis.js
+++ b/examples/session/redis.js
@@ -10,13 +10,8 @@ var app = express();

 app.use(express.logger('dev'));

-// Required by session() middleware
-// pass the secret for signed cookies
-// (required by session())
-app.use(express.cookieParser('keyboard cat'));
-
 // Populates req.session
-app.use(express.session({ store: new RedisStore }));
+app.use(express.session({ store: new RedisStore, secret: 'keyboard cat' }));

 app.get('/', function(req, res){
  var body = '';
--- a/examples/vhost/index.js
+++ b/examples/vhost/index.js
@@ -42,5 +42,8 @@ var app = express();
 app.use(express.vhost('*.example.com', redirect)) // Serves all subdomains via Redirect app
 app.use(express.vhost('example.com', main)); // Serves top level domain via Main server app 

-app.listen(3000);
-console.log('Express app started on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/view-constructor/github-view.js
+++ b/examples/view-constructor/github-view.js
@@ -35,13 +35,13 @@ function GithubView(name, options){
 GithubView.prototype.render = function(options, fn){
  var self = this;
  var opts = {
-    host: 'rawgithub.com',
-    port: 80,
+    host: 'raw.githubusercontent.com',
+    port: 443,
    path: this.path,
    method: 'GET'
  };

-  http.request(opts, function(res) {
+  https.request(opts, function(res) {
    var buf = '';
    res.setEncoding('utf8');
    res.on('data', function(str){ buf += str });
--- a/examples/view-constructor/index.js
+++ b/examples/view-constructor/index.js
@@ -24,7 +24,7 @@ app.engine('md', function(str, options, fn){
 })

 // pointing to a particular github repo to load files from it
-app.set('views', 'visionmedia/express');
+app.set('views', 'strongloop/express');

 // register a new view constructor
 app.set('view', GithubView);
@@ -37,10 +37,11 @@ app.get('/', function(req, res){
 })

 app.get('/Readme.md', function(req, res){
-  // rendering a view from https://github.com/visionmedia/express/blob/master/Readme.md
+  // rendering a view from https://github.com/strongloop/express/blob/master/Readme.md
  res.render('Readme.md');
 })

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
  console.log('Express started on port 3000');
--- a/examples/view-locals/index.js
+++ b/examples/view-locals/index.js
@@ -142,5 +142,8 @@ app.all('/api/*', function(req, res, next){

 */

-app.listen(3000);
-console.log('Application listening on port 3000');
+/* istanbul ignore next */
+if (!module.parent) {
+  app.listen(3000);
+  console.log('Express started on port 3000');
+}
--- a/examples/web-service/index.js
+++ b/examples/web-service/index.js
@@ -73,7 +73,7 @@ var apiKeys = ['foo', 'bar', 'baz'];
 // these two objects will serve as our faux database

 var repos = [
-    { name: 'express', url: 'http://github.com/visionmedia/express' }
+    { name: 'express', url: 'http://github.com/strongloop/express' }
  , { name: 'stylus', url: 'http://github.com/learnboost/stylus' }
  , { name: 'cluster', url: 'http://github.com/learnboost/cluster' }
 ];
@@ -109,7 +109,8 @@ app.get('/api/user/:name/repos', function(req, res, next){
  else next();
 });

+/* istanbul ignore next */
 if (!module.parent) {
  app.listen(3000);
-  console.log('Express server listening on port 3000');
-}
+  console.log('Express started on port 3000');
+}
--- a/index.js
+++ b/index.js
@@ -1,4 +1,2 @@

-module.exports = process.env.EXPRESS_COV
-  ? require('./lib-cov/express')
-  : require('./lib/express');
+module.exports = require('./lib/express');
--- a/lib/application.js
+++ b/lib/application.js
@@ -8,9 +8,12 @@ var connect = require('connect')
  , middleware = require('./middleware')
  , debug = require('debug')('express:application')
  , locals = require('./utils').locals
+  , compileETag = require('./utils').compileETag
+  , compileTrust = require('./utils').compileTrust
  , View = require('./view')
-  , utils = connect.utils
  , http = require('http');
+var deprecate = require('depd')('express');
+var merge = require('utils-merge');

 /**
 * Application prototype.
@@ -44,10 +47,13 @@ app.init = function(){
 app.defaultConfiguration = function(){
  // default settings
  this.enable('x-powered-by');
-  this.enable('etag');
-  this.set('env', process.env.NODE_ENV || 'development');
+  this.set('etag', 'weak');
+  var env = process.env.NODE_ENV || 'development';
+  this.set('env', env);
  this.set('subdomain offset', 2);
-  debug('booting in %s mode', this.get('env'));
+  this.set('trust proxy', false);
+
+  debug('booting in %s mode', env);

  // implicit middleware
  this.use(connect.query());
@@ -82,13 +88,13 @@ app.defaultConfiguration = function(){
  this.set('views', process.cwd() + '/views');
  this.set('jsonp callback name', 'callback');

-  this.configure('development', function(){
+  if (env === 'development') {
    this.set('json spaces', 2);
-  });
+  }

-  this.configure('production', function(){
+  if (env === 'production') {
    this.enable('view cache');
-  });
+  }
 };

 /**
@@ -242,18 +248,33 @@ app.param = function(name, fn){
 * Mounted servers inherit their parent server's settings.
 *
 * @param {String} setting
- * @param {String} val
+ * @param {*} [val]
 * @return {Server} for chaining
 * @api public
 */

 app.set = function(setting, val){
-  if (1 == arguments.length) {
+  if (arguments.length === 1) {
+    // app.get(setting)
    return this.settings[setting];
-  } else {
-    this.settings[setting] = val;
-    return this;
  }
+
+  // set value
+  this.settings[setting] = val;
+
+  // trigger matched settings
+  switch (setting) {
+    case 'etag':
+      debug('compile etag %s', val);
+      this.set('etag fn', compileETag(val));
+      break;
+    case 'trust proxy':
+      debug('compile trust proxy %s', val);
+      this.set('trust proxy fn', compileTrust(val));
+      break;
+  }
+
+  return this;
 };

 /**
@@ -392,6 +413,9 @@ app.configure = function(env, fn){
  return this;
 };

+app.configure = deprecate.function(app.configure,
+  'app.configure: Check app.get(\'env\') in an if statement');
+
 /**
 * Delegate `.VERB(...)` calls to `router.VERB(...)`.
 */
@@ -400,11 +424,6 @@ methods.forEach(function(method){
  app[method] = function(path){
    if ('get' == method && 1 == arguments.length) return this.set(path);

-    // deprecated
-    if (Array.isArray(path)) {
-      console.trace('passing an array to app.VERB() is deprecated and will be removed in 4.0');
-    }
-
    // if no router attached yet, attach the router
    if (!this._usedRouter) this.use(this.router);

@@ -434,7 +453,7 @@ app.all = function(path){

 // del -> delete alias

-app.del = app.delete;
+app.del = deprecate.function(app.delete, 'app.del: Use app.delete instead');

 /**
 * Render the given view `name` name with `options`
@@ -465,13 +484,15 @@ app.render = function(name, options, fn){
  }

  // merge app.locals
-  utils.merge(opts, this.locals);
+  merge(opts, this.locals);

  // merge options._locals
-  if (options._locals) utils.merge(opts, options._locals);
+  if (options._locals) {
+    merge(opts, options._locals);
+  }

  // merge options
-  utils.merge(opts, options);
+  merge(opts, options);

  // set .cache unless explicitly provided
  opts.cache = null == opts.cache
--- a/lib/express.js
+++ b/lib/express.js
@@ -2,14 +2,15 @@
 * Module dependencies.
 */

-var merge = require('merge-descriptors');
+var deprecate = require('depd')('express');
+var mixin = require('merge-descriptors');
+var merge = require('utils-merge');
 var connect = require('connect')
  , proto = require('./application')
  , Route = require('./router/route')
  , Router = require('./router')
  , req = require('./request')
-  , res = require('./response')
-  , utils = connect.utils;
+  , res = require('./response');

 /**
 * Expose `createApplication()`.
@@ -32,7 +33,7 @@ exports.mime = connect.mime;

 function createApplication() {
  var app = connect();
-  utils.merge(app, proto);
+  merge(app, proto);
  app.request = { __proto__: req, app: app };
  app.response = { __proto__: res, app: app };
  app.init();
@@ -44,22 +45,21 @@ function createApplication() {
 * for example `express.logger` etc.
 */

-merge(exports, connect.middleware);
+mixin(exports, connect.middleware);

 /**
- * Error on createServer().
+ * Deprecated createServer().
 */

-exports.createServer = function(){
-  console.warn('Warning: express.createServer() is deprecated, express');
-  console.warn('applications no longer inherit from http.Server,');
-  console.warn('please use:');
-  console.warn('');
-  console.warn('  var express = require("express");');
-  console.warn('  var app = express();');
-  console.warn('');
-  return createApplication();
-};
+exports.createServer = deprecate.function(createApplication,
+  'createServer() is deprecated\n' +
+  'express applications no longer inherit from http.Server\n' +
+  'please use:\n' +
+  '\n' +
+  '  var express = require("express");\n' +
+  '  var app = express();\n' +
+  '\n'
+);

 /**
 * Expose the prototypes.
--- a/lib/request.js
+++ b/lib/request.js
@@ -3,13 +3,17 @@
 * Module dependencies.
 */

+var auth = require('basic-auth');
+var deprecate = require('depd')('express');
 var http = require('http')
  , utils = require('./utils')
  , connect = require('connect')
  , fresh = require('fresh')
  , parseRange = require('range-parser')
-  , parse = connect.utils.parseUrl
+  , parse = require('parseurl')
+  , proxyaddr = require('proxy-addr')
  , mime = connect.mime;
+var isIP = require('net').isIP;

 /**
 * Request prototype.
@@ -337,20 +341,30 @@ req.is = function(type){
 /**
 * Return the protocol string "http" or "https"
 * when requested with TLS. When the "trust proxy"
- * setting is enabled the "X-Forwarded-Proto" header
- * field will be trusted. If you're running behind
- * a reverse proxy that supplies https for you this
- * may be enabled.
+ * setting trusts the socket address, the
+ * "X-Forwarded-Proto" header field will be trusted
+ * and used if present.
+ *
+ * If you're running behind a reverse proxy that
+ * supplies https for you this may be enabled.
 *
 * @return {String}
 * @api public
 */

 req.__defineGetter__('protocol', function(){
-  var trustProxy = this.app.get('trust proxy');
-  if (this.connection.encrypted) return 'https';
-  if (!trustProxy) return 'http';
-  var proto = this.get('X-Forwarded-Proto') || 'http';
+  var proto = this.connection.encrypted
+    ? 'https'
+    : 'http';
+  var trust = this.app.get('trust proxy fn');
+
+  if (!trust(this.connection.remoteAddress)) {
+    return proto;
+  }
+
+  // Note: X-Forwarded-Proto is normally only ever a
+  //       single value, but this is to be safe.
+  proto = this.get('X-Forwarded-Proto') || proto;
  return proto.split(/\s*,\s*/)[0];
 });

@@ -368,36 +382,36 @@ req.__defineGetter__('secure', function(){
 });

 /**
- * Return the remote address, or when
- * "trust proxy" is `true` return
- * the upstream addr.
+ * Return the remote address from the trusted proxy.
+ *
+ * The is the remote address on the socket unless
+ * "trust proxy" is set.
 *
 * @return {String}
 * @api public
 */

 req.__defineGetter__('ip', function(){
-  return this.ips[0] || this.connection.remoteAddress;
+  var trust = this.app.get('trust proxy fn');
+  return proxyaddr(this, trust);
 });

 /**
- * When "trust proxy" is `true`, parse
- * the "X-Forwarded-For" ip address list.
+ * When "trust proxy" is set, trusted proxy addresses + client.
 *
 * For example if the value were "client, proxy1, proxy2"
 * you would receive the array `["client", "proxy1", "proxy2"]`
- * where "proxy2" is the furthest down-stream.
+ * where "proxy2" is the furthest down-stream and "proxy1" and
+ * "proxy2" were trusted.
 *
 * @return {Array}
 * @api public
 */

 req.__defineGetter__('ips', function(){
-  var trustProxy = this.app.get('trust proxy');
-  var val = this.get('X-Forwarded-For');
-  return trustProxy && val
-    ? val.split(/ *, */)
-    : [];
+  var trust = this.app.get('trust proxy fn');
+  var addrs = proxyaddr.all(this, trust);
+  return addrs.slice(1).reverse();
 });

 /**
@@ -414,20 +428,13 @@ req.__defineGetter__('ips', function(){
 */

 req.__defineGetter__('auth', function(){
-  // missing
-  var auth = this.get('Authorization');
-  if (!auth) return;
-
-  // malformed
-  var parts = auth.split(' ');
-  if ('basic' != parts[0].toLowerCase()) return;
-  if (!parts[1]) return;
-  auth = parts[1];
+  deprecate('req.auth: Use basic-auth npm module instead');

  // credentials
-  auth = new Buffer(auth, 'base64').toString().match(/^([^:]*):(.*)$/);
-  if (!auth) return;
-  return { username: auth[1], password: auth[2] };
+  var creds = auth(this);
+  if (!creds) return;
+
+  return { username: creds.name, password: creds.pass };
 });

 /**
@@ -446,11 +453,16 @@ req.__defineGetter__('auth', function(){
 */

 req.__defineGetter__('subdomains', function(){
+  var host = this.host;
+
+  if (!host) return [];
+
  var offset = this.app.get('subdomain offset');
-  return (this.host || '')
-    .split('.')
-    .reverse()
-    .slice(offset);
+  var subdomains = !isIP(host)
+    ? host.split('.').reverse()
+    : [host];
+
+  return subdomains.slice(offset);
 });

 /**
@@ -467,16 +479,33 @@ req.__defineGetter__('path', function(){
 /**
 * Parse the "Host" header field hostname.
 *
+ * When the "trust proxy" setting trusts the socket
+ * address, the "X-Forwarded-Host" header field will
+ * be trusted.
+ *
 * @return {String}
 * @api public
 */

 req.__defineGetter__('host', function(){
-  var trustProxy = this.app.get('trust proxy');
-  var host = trustProxy && this.get('X-Forwarded-Host');
-  host = host || this.get('Host');
+  var trust = this.app.get('trust proxy fn');
+  var host = this.get('X-Forwarded-Host');
+
+  if (!host || !trust(this.connection.remoteAddress)) {
+    host = this.get('Host');
+  }
+
  if (!host) return;
-  return host.split(':')[0];
+
+  // IPv6 literal support
+  var offset = host[0] === '['
+    ? host.indexOf(']') + 1
+    : 0;
+  var index = host.indexOf(':', offset);
+
+  return ~index
+    ? host.substring(0, index)
+    : host;
 });

 /**
--- a/lib/response.js
+++ b/lib/response.js
@@ -2,14 +2,19 @@
 * Module dependencies.
 */

+var contentDisposition = require('content-disposition');
+var deprecate = require('depd')('express');
+var escapeHtml = require('escape-html');
+var merge = require('utils-merge');
+var parseUrl = require('parseurl');
+var vary = require('vary');
 var http = require('http')
  , path = require('path')
  , connect = require('connect')
-  , utils = connect.utils
  , sign = require('cookie-signature').sign
  , normalizeType = require('./utils').normalizeType
  , normalizeTypes = require('./utils').normalizeTypes
-  , etag = require('./utils').etag
+  , setCharset = require('./utils').setCharset
  , statusCodes = http.STATUS_CODES
  , cookie = require('cookie')
  , send = require('send')
@@ -82,6 +87,8 @@ res.links = function(links){
 res.send = function(body){
  var req = this.req;
  var head = 'HEAD' == req.method;
+  var type;
+  var encoding;
  var len;

  // settings
@@ -98,13 +105,15 @@ res.send = function(body){
    }
  }

+  // disambiguate res.send(status) and res.send(status, num)
+  if (typeof body === 'number' && arguments.length === 1) {
+    // res.send(status) will set status message as text string
+    this.get('Content-Type') || this.type('txt');
+    this.statusCode = body;
+    body = http.STATUS_CODES[body];
+  }
+
  switch (typeof body) {
-    // response status
-    case 'number':
-      this.get('Content-Type') || this.type('txt');
-      this.statusCode = body;
-      body = http.STATUS_CODES[body];
-      break;
    // string defaulting to html
    case 'string':
      if (!this.get('Content-Type')) {
@@ -113,6 +122,7 @@ res.send = function(body){
      }
      break;
    case 'boolean':
+    case 'number':
    case 'object':
      if (null == body) {
        body = '';
@@ -124,18 +134,31 @@ res.send = function(body){
      break;
  }

+  // write strings in utf-8
+  if ('string' === typeof body) {
+    encoding = 'utf8';
+    type = this.get('Content-Type');
+
+    // reflect this in content-type
+    if ('string' === typeof type) {
+      this.set('Content-Type', setCharset(type, 'utf-8'));
+    }
+  }
+
  // populate Content-Length
  if (undefined !== body && !this.get('Content-Length')) {
-    this.set('Content-Length', len = Buffer.isBuffer(body)
+    len = Buffer.isBuffer(body)
      ? body.length
-      : Buffer.byteLength(body));
+      : Buffer.byteLength(body, encoding);
+    this.set('Content-Length', len);
  }

  // ETag support
-  // TODO: W/ support
-  if (app.settings.etag && len && 'GET' == req.method) {
+  var etag = len !== undefined && app.get('etag fn');
+  if (etag && ('GET' === req.method || 'HEAD' === req.method)) {
    if (!this.get('ETag')) {
-      this.set('ETag', etag(body));
+      etag = etag(body, encoding);
+      etag && this.set('ETag', etag);
    }
  }

@@ -151,7 +174,8 @@ res.send = function(body){
  }

  // respond
-  this.end(head ? null : body);
+  this.end((head ? null : body), encoding);
+
  return this;
 };

@@ -177,6 +201,11 @@ res.json = function(obj){
    // res.json(body, status) backwards compat
    if ('number' == typeof arguments[1]) {
      this.statusCode = arguments[1];
+      if (typeof obj === 'number') {
+        deprecate('res.json(obj, status): Use res.json(status, obj) instead');
+      } else {
+        deprecate('res.json(num, status): Use res.status(status).json(num) instead');
+      }
    } else {
      this.statusCode = obj;
      obj = arguments[1];
@@ -218,6 +247,11 @@ res.jsonp = function(obj){
    // res.json(body, status) backwards compat
    if ('number' == typeof arguments[1]) {
      this.statusCode = arguments[1];
+      if (typeof obj === 'number') {
+        deprecate('res.jsonp(obj, status): Use res.jsonp(status, obj) instead');
+      } else {
+        deprecate('res.jsonp(num, status): Use res.status(status).jsonp(num) instead');
+      }
    } else {
      this.statusCode = obj;
      obj = arguments[1];
@@ -228,21 +262,38 @@ res.jsonp = function(obj){
  var app = this.app;
  var replacer = app.get('json replacer');
  var spaces = app.get('json spaces');
-  var body = JSON.stringify(obj, replacer, spaces)
-    .replace(/\u2028/g, '\\u2028')
-    .replace(/\u2029/g, '\\u2029');
+  var body = JSON.stringify(obj, replacer, spaces);
  var callback = this.req.query[app.get('jsonp callback name')];

  // content-type
-  this.charset = this.charset || 'utf-8';
-  this.set('Content-Type', 'application/json');
+  if (!this.get('Content-Type')) {
+    this.charset = 'utf-8';
+    this.set('X-Content-Type-Options', 'nosniff');
+    this.set('Content-Type', 'application/json');
+  }
+
+  // fixup callback
+  if (Array.isArray(callback)) {
+    callback = callback[0];
+  }

  // jsonp
-  if (callback) {
-    if (Array.isArray(callback)) callback = callback[0];
+  if (typeof callback === 'string' && callback.length !== 0) {
+    this.charset = 'utf-8';
+    this.set('X-Content-Type-Options', 'nosniff');
    this.set('Content-Type', 'text/javascript');
-    var cb = callback.replace(/[^\[\]\w$.]/g, '');
-    body = 'typeof ' + cb + ' === \'function\' && ' + cb + '(' + body + ');';
+
+    // restrict callback charset
+    callback = callback.replace(/[^\[\]\w$.]/g, '');
+
+    // replace chars not allowed in JavaScript that are in JSON
+    body = body
+      .replace(/\u2028/g, '\\u2028')
+      .replace(/\u2029/g, '\\u2029');
+
+    // the /**/ is a specific security mitigation for "Rosetta Flash JSONP abuse"
+    // the typeof check is just to reduce client error noise
+    body = '/**/ typeof ' + callback + ' === \'function\' && ' + callback + '(' + body + ');';
  }

  return this.send(body);
@@ -259,8 +310,11 @@ res.jsonp = function(obj){
 *
 * Options:
 *
- *   - `maxAge` defaulting to 0
- *   - `root`   root directory for relative filenames
+ *   - `maxAge`   defaulting to 0
+ *   - `root`     root directory for relative filenames
+ *   - `dotfiles` serve dotfiles, defaulting to false; can be `"allow"` to send them
+ *
+ * Other options are passed along to `send`.
 *
 * Examples:
 *
@@ -311,13 +365,13 @@ res.sendfile = function(path, options, fn){

    // clean up
    cleanup();
-    if (!self.headerSent) self.removeHeader('Content-Disposition');
+    if (!self.headersSent) self.removeHeader('Content-Disposition');

    // callback available
    if (fn) return fn(err);

    // list in limbo if there's no callback
-    if (self.headerSent) return;
+    if (self.headersSent) return;

    // delegate
    next(err);
@@ -336,9 +390,7 @@ res.sendfile = function(path, options, fn){
  }

  // transfer
-  var file = send(req, path);
-  if (options.root) file.root(options.root);
-  file.maxage(options.maxAge || 0);
+  var file = send(req, path, options);
  file.on('error', error);
  file.on('directory', next);
  file.on('stream', stream);
@@ -352,7 +404,7 @@ res.sendfile = function(path, options, fn){
 * Optionally providing an alternate attachment `filename`,
 * and optional callback `fn(err)`. The callback is invoked
 * when the data transfer is complete, or when an error has
- * ocurred. Be sure to check `res.headerSent` if you plan to respond.
+ * ocurred. Be sure to check `res.headersSent` if you plan to respond.
 *
 * This method uses `res.sendfile()`.
 *
@@ -362,15 +414,17 @@ res.sendfile = function(path, options, fn){
 * @api public
 */

-res.download = function(path, filename, fn){
+res.download = function download(path, filename, fn) {
  // support function as second arg
-  if ('function' == typeof filename) {
+  if (typeof filename === 'function') {
    fn = filename;
    filename = null;
  }

  filename = filename || path;
-  this.set('Content-Disposition', 'attachment; filename="' + basename(filename) + '"');
+
+  this.set('Content-Disposition', contentDisposition(filename));
+
  return this.sendfile(path, fn);
 };

@@ -493,11 +547,13 @@ res.format = function(obj){
 * @api public
 */

-res.attachment = function(filename){
-  if (filename) this.type(extname(filename));
-  this.set('Content-Disposition', filename
-    ? 'attachment; filename="' + basename(filename) + '"'
-    : 'attachment');
+res.attachment = function attachment(filename) {
+  if (filename) {
+    this.type(extname(filename));
+  }
+
+  this.set('Content-Disposition', contentDisposition(filename));
+
  return this;
 };

@@ -557,7 +613,7 @@ res.get = function(field){
 res.clearCookie = function(name, options){
  var opts = { expires: new Date(1), path: '/' };
  return this.cookie(name, '', options
-    ? utils.merge(opts, options)
+    ? merge(opts, options)
    : opts);
 };

@@ -585,7 +641,7 @@ res.clearCookie = function(name, options){
 */

 res.cookie = function(name, val, options){
-  options = utils.merge({}, options);
+  options = merge({}, options);
  var secret = this.req.secret;
  var signed = options.signed;
  if (signed && !secret) throw new Error('connect.cookieParser("secret") required for signed cookies');
@@ -643,7 +699,7 @@ res.location = function(url){
  if (!~url.indexOf('://') && 0 != url.indexOf('//')) {
    // relative to path
    if ('.' == url[0]) {
-      path = req.originalUrl.split('?')[0];
+      path = parseUrl.original(req).pathname;
      path = path + ('/' == path[path.length - 1] ? '' : '/');
      url = resolve(path, url);
      // relative to mount-point
@@ -671,11 +727,8 @@ res.location = function(url){
 *    res.redirect('/foo/bar');
 *    res.redirect('http://example.com');
 *    res.redirect(301, 'http://example.com');
- *    res.redirect('http://example.com', 301);
 *    res.redirect('../login'); // /blog/post/1 -> /blog/login
 *
- * @param {String} url
- * @param {Number} code
 * @api public
 */

@@ -690,6 +743,7 @@ res.redirect = function(url){
      status = url;
      url = arguments[1];
    } else {
+      deprecate('res.redirect(url, status): Use res.redirect(status, url) instead');
      status = arguments[1];
    }
  }
@@ -705,7 +759,7 @@ res.redirect = function(url){
    },

    html: function(){
-      var u = utils.escape(url);
+      var u = escapeHtml(url);
      body = '<p>' + statusCodes[status] + '. Redirecting to <a href="' + u + '">' + u + '</a></p>';
    },

@@ -730,31 +784,12 @@ res.redirect = function(url){
 */

 res.vary = function(field){
-  var self = this;
-
-  // nothing
+  // checks for back-compat
  if (!field) return this;
+  if (Array.isArray(field) && !field.length) return this;

-  // array
-  if (Array.isArray(field)) {
-    field.forEach(function(field){
-      self.vary(field);
-    });
-    return;
-  }
+  vary(this, field);

-  var vary = this.get('Vary');
-
-  // append
-  if (vary) {
-    vary = vary.split(/ *, */);
-    if (!~vary.indexOf(field)) vary.push(field);
-    this.set('Vary', vary.join(', '));
-    return this;
-  }
-
-  // set
-  this.set('Vary', field);
  return this;
 };

--- a/lib/router/index.js
+++ b/lib/router/index.js
@@ -2,11 +2,11 @@
 * Module dependencies.
 */

-var Route = require('./route')
-  , utils = require('../utils')
-  , methods = require('methods')
-  , debug = require('debug')('express:router')
-  , parse = require('connect').utils.parseUrl;
+var Route = require('./route');
+var utils = require('../utils');
+var methods = require('methods');
+var debug = require('debug')('express:router');
+var parseUrl = require('parseurl');

 /**
 * Expose `Router` constructor.
@@ -182,7 +182,7 @@ Router.prototype._dispatch = function(req, res, next){
 */

 Router.prototype._options = function(req, res, next){
-  var path = parse(req).pathname
+  var path = parseUrl(req).pathname
    , body = this._optionsFor(path).join(',');
  if (!body) return next();
  res.set('Allow', body).send(body);
@@ -222,7 +222,7 @@ Router.prototype._optionsFor = function(path){

 Router.prototype.matchRequest = function(req, i, head){
  var method = req.method.toLowerCase()
-    , url = parse(req)
+    , url = parseUrl(req)
    , path = url.pathname
    , routes = this.map
    , i = i || 0
--- a/lib/utils.js
+++ b/lib/utils.js
@@ -3,8 +3,10 @@
 * Module dependencies.
 */

-var mime = require('connect').mime
-  , crc32 = require('buffer-crc32');
+var etag = require('etag');
+var mime = require('connect').mime;
+var proxyaddr = require('proxy-addr');
+var typer = require('media-typer');

 /**
 * toString ref.
@@ -13,15 +15,37 @@ var mime = require('connect').mime
 var toString = {}.toString;

 /**
- * Return ETag for `body`.
+ * Return strong ETag for `body`.
 *
 * @param {String|Buffer} body
+ * @param {String} [encoding]
 * @return {String}
 * @api private
 */

-exports.etag = function(body){
-  return '"' + crc32.signed(body) + '"';
+exports.etag = function (body, encoding) {
+  var buf = !Buffer.isBuffer(body)
+    ? new Buffer(body, encoding)
+    : body;
+
+  return etag(buf, {weak: false});
+};
+
+/**
+ * Return weak ETag for `body`.
+ *
+ * @param {String|Buffer} body
+ * @param {String} [encoding]
+ * @return {String}
+ * @api private
+ */
+
+exports.wetag = function wetag(body, encoding){
+  var buf = !Buffer.isBuffer(body)
+    ? new Buffer(body, encoding)
+    : body;
+
+  return etag(buf, {weak: true});
 };

 /**
@@ -258,22 +282,6 @@ function acceptParams(str, index) {
  return ret;
 }

-/**
- * Escape special characters in the given string of html.
- *
- * @param  {String} html
- * @return {String}
- * @api private
- */
-
-exports.escape = function(html) {
-  return String(html)
-    .replace(/&/g, '&amp;')
-    .replace(/"/g, '&quot;')
-    .replace(/</g, '&lt;')
-    .replace(/>/g, '&gt;');
-};
-
 /**
 * Normalize the given path string,
 * returning a regular expression.
@@ -312,3 +320,88 @@ exports.pathRegexp = function(path, keys, sensitive, strict) {
    .replace(/\*/g, '(.*)');
  return new RegExp('^' + path + '$', sensitive ? '' : 'i');
 }
+
+/**
+ * Compile "etag" value to function.
+ *
+ * @param  {Boolean|String|Function} val
+ * @return {Function}
+ * @api private
+ */
+
+exports.compileETag = function(val) {
+  var fn;
+
+  if (typeof val === 'function') {
+    return val;
+  }
+
+  switch (val) {
+    case true:
+      fn = exports.wetag;
+      break;
+    case false:
+      break;
+    case 'strong':
+      fn = exports.etag;
+      break;
+    case 'weak':
+      fn = exports.wetag;
+      break;
+    default:
+      throw new TypeError('unknown value for etag function: ' + val);
+  }
+
+  return fn;
+}
+
+/**
+ * Compile "proxy trust" value to function.
+ *
+ * @param  {Boolean|String|Number|Array|Function} val
+ * @return {Function}
+ * @api private
+ */
+
+exports.compileTrust = function(val) {
+  if (typeof val === 'function') return val;
+
+  if (val === true) {
+    // Support plain true/false
+    return function(){ return true };
+  }
+
+  if (typeof val === 'number') {
+    // Support trusting hop count
+    return function(a, i){ return i < val };
+  }
+
+  if (typeof val === 'string') {
+    // Support comma-separated values
+    val = val.split(/ *, */);
+  }
+
+  return proxyaddr.compile(val || []);
+}
+
+/**
+ * Set the charset in a given Content-Type string.
+ *
+ * @param {String} type
+ * @param {String} charset
+ * @return {String}
+ * @api private
+ */
+
+exports.setCharset = function(type, charset){
+  if (!type || !charset) return type;
+
+  // parse type
+  var parsed = typer.parse(type);
+
+  // set charset
+  parsed.parameters.charset = charset;
+
+  // format type
+  return typer.format(parsed);
+};
--- a/package.json
+++ b/package.json
@@ -1,51 +1,19 @@
 {
  "name": "express",
  "description": "Sinatra inspired web development framework",
-  "version": "3.4.8",
+  "version": "3.18.3",
  "author": "TJ Holowaychuk <tj@vision-media.ca>",
  "contributors": [
-    {
-      "name": "TJ Holowaychuk",
-      "email": "tj@vision-media.ca"
-    },
-    {
-      "name": "Aaron Heckmann",
-      "email": "aaron.heckmann+github@gmail.com"
-    },
-    {
-      "name": "Ciaran Jessup",
-      "email": "ciaranj@gmail.com"
-    },
-    {
-      "name": "Guillermo Rauch",
-      "email": "rauchg@gmail.com"
-    }
+    "Aaron Heckmann <aaron.heckmann+github@gmail.com>",
+    "Ciaran Jessup <ciaranj@gmail.com>",
+    "Douglas Christopher Wilson <doug@somethingdoug.com>",
+    "Guillermo Rauch <rauchg@gmail.com>",
+    "Jonathan Ong <me@jongleberry.com>",
+    "Roman Shtylman <shtylman+expressjs@gmail.com"
  ],
-  "dependencies": {
-    "connect": "2.12.0",
-    "commander": "1.3.2",
-    "range-parser": "0.0.4",
-    "mkdirp": "0.3.5",
-    "cookie": "0.1.0",
-    "buffer-crc32": "0.2.1",
-    "fresh": "0.2.0",
-    "methods": "0.1.0",
-    "send": "0.1.4",
-    "cookie-signature": "1.0.1",
-    "merge-descriptors": "0.0.1",
-    "debug": ">= 0.7.3 < 1"
-  },
-  "devDependencies": {
-    "ejs": "~0.8.4",
-    "mocha": "~1.15.1",
-    "jade": "~0.30.0",
-    "hjs": "~0.0.6",
-    "stylus": "~0.40.0",
-    "should": "~2.1.1",
-    "connect-redis": "~1.4.5",
-    "marked": "0.2.10",
-    "supertest": "~0.8.1"
-  },
+  "license": "MIT",
+  "repository": "strongloop/express",
+  "homepage": "http://expressjs.com/",
  "keywords": [
    "express",
    "framework",
@@ -57,17 +25,58 @@
    "app",
    "api"
  ],
-  "repository": "git://github.com/visionmedia/express",
-  "main": "index",
-  "bin": {
-    "express": "./bin/express"
+  "dependencies": {
+    "basic-auth": "1.0.0",
+    "connect": "2.27.3",
+    "content-disposition": "0.5.0",
+    "commander": "1.3.2",
+    "cookie-signature": "1.0.5",
+    "debug": "~2.1.0",
+    "depd": "~1.0.0",
+    "escape-html": "1.0.1",
+    "etag": "~1.5.0",
+    "fresh": "0.2.4",
+    "media-typer": "0.3.0",
+    "methods": "1.1.0",
+    "mkdirp": "0.5.0",
+    "parseurl": "~1.3.0",
+    "proxy-addr": "~1.0.3",
+    "range-parser": "~1.0.2",
+    "send": "0.10.1",
+    "utils-merge": "1.0.0",
+    "vary": "~1.0.0",
+    "cookie": "0.1.2",
+    "merge-descriptors": "0.0.2"
  },
-  "scripts": {
-    "prepublish": "npm prune",
-    "test": "make test"
+  "devDependencies": {
+    "connect-redis": "~1.5.0",
+    "istanbul": "0.3.2",
+    "mocha": "~2.0.0",
+    "should": "~4.2.1",
+    "supertest": "~0.14.0",
+    "ejs": "~1.0.0",
+    "jade": "~1.7.0",
+    "hjs": "~0.0.6",
+    "marked": "0.3.2"
  },
  "engines": {
    "node": ">= 0.8.0"
  },
-  "license": "MIT"
+  "bin": {
+    "express": "./bin/express"
+  },
+  "files": [
+    "LICENSE",
+    "History.md",
+    "Readme.md",
+    "index.js",
+    "bin/",
+    "lib/"
+  ],
+  "scripts": {
+    "test": "mocha --require test/support/env --reporter dot --check-leaks test/ test/acceptance/",
+    "test-cov": "istanbul cover node_modules/mocha/bin/_mocha -- --require test/support/env --reporter dot --check-leaks test/ test/acceptance/",
+    "test-tap": "mocha --require test/support/env --reporter tap --check-leaks test/ test/acceptance/",
+    "test-travis": "istanbul cover node_modules/mocha/bin/_mocha --report lcovonly -- --require test/support/env --reporter spec --check-leaks test/ test/acceptance/"
+  }
 }
--- a/test/Router.js
+++ b/test/Router.js
@@ -1,7 +1,7 @@

 var express = require('../')
  , Router = express.Router
-  , request = require('./support/http')
+  , request = require('supertest')
  , methods = require('methods')
  , assert = require('assert');

--- a/test/acceptance/auth.js
+++ b/test/acceptance/auth.js
@@ -1,13 +1,5 @@
 var app = require('../../examples/auth/app')
-  , request = require('../support/http');
-
-function redirects(to, fn){
-  return function(err, res){
-    res.statusCode.should.equal(302)
-    res.headers.should.have.property('location').match(to);
-    fn()
-  }
-}
+var request = require('supertest')

 function getCookie(res) {
  return res.headers['set-cookie'][0].split(';')[0];
@@ -18,25 +10,93 @@ describe('auth', function(){
    it('should redirect to /login', function(done){
      request(app)
      .get('/')
-      .end(redirects(/\/login$/, done))
+      .expect('Location', '/login')
+      .expect(302, done)
    })
  })

-  describe('GET /restricted (w/o cookie)',function(){
-    it('should redirect to /login', function(done){
+  describe('GET /login',function(){
+    it('should render login form', function(done){
      request(app)
-      .get('/restricted')
-      .end(redirects(/\/login$/,done))
+      .get('/login')
+      .expect(200, /<form/, done)
    })
-  })

-  describe('POST /login', function(){
-    it('should fail without proper credentials', function(done){
+    it('should display login error', function(done){
      request(app)
      .post('/login')
      .type('urlencoded')
      .send('username=not-tj&password=foobar')
-      .end(redirects(/\/login$/, done))
+      .expect('Location', '/login')
+      .expect(302, function(err, res){
+        if (err) return done(err)
+        request(app)
+        .get('/login')
+        .set('Cookie', getCookie(res))
+        .expect(200, /Authentication failed/, done)
+      })
    })
  })
-})
+
+  describe('GET /logout',function(){
+    it('should redirect to /', function(done){
+      request(app)
+      .get('/logout')
+      .expect('Location', '/')
+      .expect(302, done)
+    })
+  })
+
+  describe('GET /restricted',function(){
+    it('should redirect to /login without cookie', function(done){
+      request(app)
+      .get('/restricted')
+      .expect('Location', '/login')
+      .expect(302, done)
+    })
+
+    it('should succeed with proper cookie', function(done){
+      request(app)
+      .post('/login')
+      .type('urlencoded')
+      .send('username=tj&password=foobar')
+      .expect('Location', '/')
+      .expect(302, function(err, res){
+        if (err) return done(err)
+        request(app)
+        .get('/restricted')
+        .set('Cookie', getCookie(res))
+        .expect(200, done)
+      })
+    })
+  })
+
+  describe('POST /login', function(){
+    it('should fail without proper username', function(done){
+      request(app)
+      .post('/login')
+      .type('urlencoded')
+      .send('username=not-tj&password=foobar')
+      .expect('Location', '/login')
+      .expect(302, done)
+    })
+
+    it('should fail without proper password', function(done){
+      request(app)
+      .post('/login')
+      .type('urlencoded')
+      .send('username=tj&password=baz')
+      .expect('Location', '/login')
+      .expect(302, done)
+    })
+
+    it('should succeed with proper credentials', function(done){
+      request(app)
+      .post('/login')
+      .type('urlencoded')
+      .send('username=tj&password=foobar')
+      .expect('Location', '/')
+      .expect(302, done)
+    })
+  })
+})
--- a/test/acceptance/content-negotiation.js
+++ b/test/acceptance/content-negotiation.js
@@ -1,5 +1,5 @@

-var request = require('../support/http')
+var request = require('supertest')
  , app = require('../../examples/content-negotiation');

 describe('content-negotiation', function(){
@@ -7,16 +7,43 @@ describe('content-negotiation', function(){
    it('should default to text/html', function(done){
      request(app)
      .get('/')
-      .expect('<ul><li>Tobi</li><li>Loki</li><li>Jane</li></ul>')
-      .end(done);
+      .expect(200, '<ul><li>Tobi</li><li>Loki</li><li>Jane</li></ul>', done)
    })

    it('should accept to text/plain', function(done){
      request(app)
      .get('/')
      .set('Accept', 'text/plain')
-      .expect(' - Tobi\n - Loki\n - Jane\n')
-      .end(done);
+      .expect(200, ' - Tobi\n - Loki\n - Jane\n', done)
+    })
+
+    it('should accept to application/json', function(done){
+      request(app)
+      .get('/')
+      .set('Accept', 'application/json')
+      .expect(200, '[{"name":"Tobi"},{"name":"Loki"},{"name":"Jane"}]', done)
    })
  })
-})
+
+  describe('GET /users', function(){
+    it('should default to text/html', function(done){
+      request(app)
+      .get('/users')
+      .expect(200, '<ul><li>Tobi</li><li>Loki</li><li>Jane</li></ul>', done)
+    })
+
+    it('should accept to text/plain', function(done){
+      request(app)
+      .get('/users')
+      .set('Accept', 'text/plain')
+      .expect(200, ' - Tobi\n - Loki\n - Jane\n', done)
+    })
+
+    it('should accept to application/json', function(done){
+      request(app)
+      .get('/users')
+      .set('Accept', 'application/json')
+      .expect(200, '[{"name":"Tobi"},{"name":"Loki"},{"name":"Jane"}]', done)
+    })
+  })
+})
--- a/test/acceptance/cookies.js
+++ b/test/acceptance/cookies.js
@@ -1,6 +1,6 @@

 var app = require('../../examples/cookies/app')
-  , request = require('../support/http');
+  , request = require('supertest');

 describe('cookies', function(){
  describe('GET /', function(){
@@ -18,6 +18,35 @@ describe('cookies', function(){
        done()
      })
    })
+
+    it('should respond to cookie', function(done){
+      request(app)
+      .post('/')
+      .send({ remember: 1 })
+      .expect(302, function(err, res){
+        if (err) return done(err)
+        request(app)
+        .get('/')
+        .set('Cookie', res.headers['set-cookie'][0])
+        .expect(200, /Remembered/, done)
+      })
+    })
+  })
+
+  describe('GET /forget', function(){
+    it('should clear cookie', function(done){
+      request(app)
+      .post('/')
+      .send({ remember: 1 })
+      .expect(302, function(err, res){
+        if (err) return done(err)
+        request(app)
+        .get('/forget')
+        .set('Cookie', res.headers['set-cookie'][0])
+        .expect('Set-Cookie', /remember=;/)
+        .expect(302, done)
+      })
+    })
  })

  describe('POST /', function(){
@@ -25,10 +54,20 @@ describe('cookies', function(){
      request(app)
      .post('/')
      .send({ remember: 1 })
-      .end(function(err, res){
+      .expect(302, function(err, res){
        res.headers.should.have.property('set-cookie')
        done()
      })
    })
+
+    it('should no set cookie w/o reminder', function(done){
+      request(app)
+      .post('/')
+      .send({})
+      .expect(302, function(err, res){
+        res.headers.should.not.have.property('set-cookie')
+        done()
+      })
+    })
  })
-})
+})
--- a/test/acceptance/downloads.js
+++ b/test/acceptance/downloads.js
@@ -1,6 +1,6 @@

 var app = require('../../examples/downloads/app')
-  , request = require('../support/http');
+  , request = require('supertest');

 describe('downloads', function(){
  describe('GET /', function(){
--- a/test/acceptance/ejs.js
+++ b/test/acceptance/ejs.js
@@ -1,5 +1,5 @@

-var request = require('../support/http')
+var request = require('supertest')
  , app = require('../../examples/ejs');

 describe('ejs', function(){
@@ -7,14 +7,11 @@ describe('ejs', function(){
    it('should respond with html', function(done){
      request(app)
      .get('/')
-      .end(function(err, res){
-        res.should.have.status(200);
-        res.should.have.header('Content-Type', 'text/html; charset=utf-8');
-        res.text.should.include('<li>tobi &lt;tobi@learnboost.com&gt;</li>');
-        res.text.should.include('<li>loki &lt;loki@learnboost.com&gt;</li>');
-        res.text.should.include('<li>jane &lt;jane@learnboost.com&gt;</li>');
-        done();
-      });
+      .expect('Content-Type', 'text/html; charset=utf-8')
+      .expect(/<li>tobi &lt;tobi@learnboost\.com&gt;<\/li>/)
+      .expect(/<li>loki &lt;loki@learnboost\.com&gt;<\/li>/)
+      .expect(/<li>jane &lt;jane@learnboost\.com&gt;<\/li>/)
+      .expect(200, done)
    })
  })
-})
+})
--- a/test/acceptance/error-pages.js
+++ b/test/acceptance/error-pages.js
@@ -1,6 +1,6 @@

 var app = require('../../examples/error-pages')
-  , request = require('../support/http');
+  , request = require('supertest');

 describe('error-pages', function(){
  describe('GET /', function(){
--- a/test/acceptance/error.js
+++ b/test/acceptance/error.js
@@ -1,6 +1,6 @@

 var app = require('../../examples/error')
-  , request = require('../support/http');
+  , request = require('supertest');

 describe('error', function(){
  describe('GET /', function(){
--- a/test/acceptance/markdown.js
+++ b/test/acceptance/markdown.js
@@ -1,6 +1,6 @@

 var app = require('../../examples/markdown')
-  , request = require('../support/http');
+var request = require('supertest')

 describe('markdown', function(){
  describe('GET /', function(){
@@ -18,4 +18,4 @@ describe('markdown', function(){
        .expect(500,done)
    })
  })
-})
+})
--- a/test/acceptance/mvc.js
+++ b/test/acceptance/mvc.js
@@ -1,5 +1,5 @@

-var request = require('../support/http')
+var request = require('supertest')
  , app = require('../../examples/mvc');

 describe('mvc', function(){
@@ -7,10 +7,39 @@ describe('mvc', function(){
    it('should redirect to /users', function(done){
      request(app)
      .get('/')
+      .expect('Location', '/users')
+      .expect(302, done)
+    })
+  })
+
+  describe('GET /pet/0', function(){
+    it('should get pet', function(done){
+      request(app)
+      .get('/pet/0')
+      .expect(200, /Tobi/, done)
+    })
+  })
+
+  describe('GET /pet/0/edit', function(){
+    it('should get pet edit page', function(done){
+      request(app)
+      .get('/pet/0/edit')
+      .expect(/<form/)
+      .expect(200, /Tobi/, done)
+    })
+  })
+
+  describe('PUT /pet/2', function(){
+    it('should update the pet', function(done){
+      request(app)
+      .put('/pet/3')
+      .set('Content-Type', 'application/x-www-form-urlencoded')
+      .send({ pet: { name: 'Boots' } })
      .end(function(err, res){
-        res.should.have.status(302);
-        res.headers.location.should.include('/users');
-        done();
+        if (err) return done(err);
+        request(app)
+        .get('/pet/3/edit')
+        .expect(200, /Boots/, done)
      })
    })
  })
@@ -19,13 +48,11 @@ describe('mvc', function(){
    it('should display a list of users', function(done){
      request(app)
      .get('/users')
-      .end(function(err, res){
-        res.text.should.include('<h1>Users</h1>');
-        res.text.should.include('>TJ<');
-        res.text.should.include('>Guillermo<');
-        res.text.should.include('>Nathan<');
-        done();
-      })
+      .expect(/<h1>Users<\/h1>/)
+      .expect(/>TJ</)
+      .expect(/>Guillermo</)
+      .expect(/>Nathan</)
+      .expect(200, done)
    })
  })

@@ -34,21 +61,16 @@ describe('mvc', function(){
      it('should display the user', function(done){
        request(app)
        .get('/user/0')
-        .end(function(err, res){
-          res.text.should.include('<h1>TJ <a href="/user/0/edit">edit');
-          done();
-        })
+        .expect(200, /<h1>TJ <a href="\/user\/0\/edit">edit/, done)
      })

      it('should display the users pets', function(done){
        request(app)
        .get('/user/0')
-        .end(function(err, res){
-          res.text.should.include('/pet/0">Tobi');
-          res.text.should.include('/pet/1">Loki');
-          res.text.should.include('/pet/2">Jane');
-          done();
-        })
+        .expect(/\/pet\/0">Tobi/)
+        .expect(/\/pet\/1">Loki/)
+        .expect(/\/pet\/2">Jane/)
+        .expect(200, done)
      })
    })

@@ -65,11 +87,8 @@ describe('mvc', function(){
    it('should display the edit form', function(done){
      request(app)
      .get('/user/1/edit')
-      .end(function(err, res){
-        res.text.should.include('<h1>Guillermo</h1>');
-        res.text.should.include('value="put"');
-        done();
-      })
+      .expect(/Guillermo/)
+      .expect(200, /<form/, done)
    })
  })

@@ -77,15 +96,30 @@ describe('mvc', function(){
    it('should update the user', function(done){
      request(app)
      .put('/user/1')
+      .set('Content-Type', 'application/x-www-form-urlencoded')
      .send({ user: { name: 'Tobo' }})
      .end(function(err, res){
+        if (err) return done(err);
        request(app)
        .get('/user/1/edit')
-        .end(function(err, res){
-          res.text.should.include('<h1>Tobo</h1>');
-          done();
-        })
+        .expect(200, /Tobo/, done)
      })
    })
  })
-})
+
+  describe('POST /user/:id/pet', function(){
+    it('should create a pet for user', function(done){
+      request(app)
+      .post('/user/2/pet')
+      .set('Content-Type', 'application/x-www-form-urlencoded')
+      .send({ pet: { name: 'Snickers' }})
+      .expect('Location', '/user/2')
+      .expect(302, function(err, res){
+        if (err) return done(err)
+        request(app)
+        .get('/user/2')
+        .expect(200, /Snickers/, done)
+      })
+    })
+  })
+})
--- a/test/acceptance/params.js
+++ b/test/acceptance/params.js
@@ -1,5 +1,5 @@
 var app = require('../../examples/params/app')
-  , request = require('../support/http');
+var request = require('supertest')

 describe('params', function(){
  describe('GET /', function(){
@@ -18,6 +18,14 @@ describe('params', function(){
    })
  })

+  describe('GET /user/9', function(){
+    it('should fail to find user', function(done){
+      request(app)
+        .get('/user/9')
+        .expect(/failed to find user/,done)
+    })
+  })
+
  describe('GET /users/0-2', function(){
    it('should respond with three users', function(done){
      request(app)
@@ -25,4 +33,12 @@ describe('params', function(){
        .expect(/users tj, tobi/,done)
    })
  })
-})
+
+  describe('GET /users/foo-bar', function(){
+    it('should fail integer parsing', function(done){
+      request(app)
+        .get('/users/foo-bar')
+        .expect(/failed to parseInt foo/,done)
+    })
+  })
+})
--- a/test/acceptance/resource.js
+++ b/test/acceptance/resource.js
@@ -1,5 +1,5 @@
 var app = require('../../examples/resource/app')
-  , request = require('../support/http');
+var request = require('supertest')

 describe('resource', function(){
  describe('GET /', function(){
@@ -26,6 +26,14 @@ describe('resource', function(){
    })
  })

+  describe('GET /users/9', function(){
+    it('should respond with error', function(done){
+      request(app)
+        .get('/users/9')
+        .expect('{"error":"Cannot find user"}', done)
+    })
+  })
+
  describe('GET /users/1..3', function(){
    it('should respond with users 1 through 3', function(done){
      request(app)
@@ -35,13 +43,21 @@ describe('resource', function(){
  })

  describe('DELETE /users/1', function(){
-    it('should respond with users 1 through 3', function(done){
+    it('should delete user 1', function(done){
      request(app)
        .del('/users/1')
        .expect(/^destroyed/,done)
    })
  })

+  describe('DELETE /users/9', function(){
+    it('should fail', function(done){
+      request(app)
+        .del('/users/9')
+        .expect('Cannot find user', done)
+    })
+  })
+
  describe('GET /users/1..3.json', function(){
    it('should respond with users 2 and 3 as json', function(done){
      request(app)
@@ -49,4 +65,4 @@ describe('resource', function(){
        .expect(/^\[null,{"name":"aaron"},{"name":"guillermo"}\]/,done)
    })
  })
-})
+})
--- a/test/acceptance/web-service.js
+++ b/test/acceptance/web-service.js
@@ -1,5 +1,5 @@

-var request = require('../support/http')
+var request = require('supertest')
  , app = require('../../examples/web-service');

 describe('web-service', function(){
@@ -24,11 +24,72 @@ describe('web-service', function(){
      it('should respond users json', function(done){
        request(app)
        .get('/api/users?api-key=foo')
-        .end(function(err, res){
-          res.should.be.json;
-          res.text.should.equal('[{"name":"tobi"},{"name":"loki"},{"name":"jane"}]');
-          done();
-        });
+        .expect('Content-Type', 'application/json; charset=utf-8')
+        .expect(200, '[{"name":"tobi"},{"name":"loki"},{"name":"jane"}]', done)
+      })
+    })
+  })
+
+  describe('GET /api/repos', function(){
+    describe('without an api key', function(){
+      it('should respond with 400 bad request', function(done){
+        request(app)
+        .get('/api/repos')
+        .expect(400, done);
+      })
+    })
+
+    describe('with an invalid api key', function(){
+      it('should respond with 401 unauthorized', function(done){
+        request(app)
+        .get('/api/repos?api-key=rawr')
+        .expect(401, done);
+      })
+    })
+
+    describe('with a valid api key', function(){
+      it('should respond repos json', function(done){
+        request(app)
+        .get('/api/repos?api-key=foo')
+        .expect('Content-Type', 'application/json; charset=utf-8')
+        .expect(/"name":"express"/)
+        .expect(/"url":"http:\/\/github.com\/strongloop\/express"/)
+        .expect(200, done)
+      })
+    })
+  })
+
+  describe('GET /api/user/:name/repos', function(){
+    describe('without an api key', function(){
+      it('should respond with 400 bad request', function(done){
+        request(app)
+        .get('/api/user/loki/repos')
+        .expect(400, done);
+      })
+    })
+
+    describe('with an invalid api key', function(){
+      it('should respond with 401 unauthorized', function(done){
+        request(app)
+        .get('/api/user/loki/repos?api-key=rawr')
+        .expect(401, done);
+      })
+    })
+
+    describe('with a valid api key', function(){
+      it('should respond user repos json', function(done){
+        request(app)
+        .get('/api/user/loki/repos?api-key=foo')
+        .expect('Content-Type', 'application/json; charset=utf-8')
+        .expect(/"name":"stylus"/)
+        .expect(/"url":"http:\/\/github.com\/learnboost\/stylus"/)
+        .expect(200, done)
+      })
+
+      it('should 404 with unknown user', function(done){
+        request(app)
+        .get('/api/user/bob/repos?api-key=foo')
+        .expect(404, done)
      })
    })
  })
@@ -37,12 +98,8 @@ describe('web-service', function(){
    it('should respond with 404 json', function(done){
      request(app)
      .get('/api/something?api-key=bar')
-      .end(function(err, res){
-        res.should.have.status(404);
-        res.should.be.json;
-        res.text.should.equal('{"error":"Lame, can\'t find that"}');
-        done();
-      });
+      .expect('Content-Type', /json/)
+      .expect(404, '{"error":"Lame, can\'t find that"}', done)
    })
  })
-})
+})
--- a/test/app.all.js
+++ b/test/app.all.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app.all()', function(){
  it('should add a router per method', function(done){
--- a/test/app.del.js
+++ b/test/app.del.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app.del()', function(){
  it('should alias app.delete()', function(done){
--- a/test/app.head.js
+++ b/test/app.head.js
@@ -1,7 +1,7 @@

-var express = require('../')
-  , request = require('./support/http')
-  , assert = require('assert');
+var express = require('../');
+var request = require('supertest');
+var assert = require('assert');

 describe('HEAD', function(){
  it('should default to GET', function(done){
@@ -16,6 +16,31 @@ describe('HEAD', function(){
    .head('/tobi')
    .expect(200, done);
  })
+
+  it('should output the same headers as GET requests', function(done){
+    var app = express();
+
+    app.get('/tobi', function(req, res){
+      // send() detects HEAD
+      res.send('tobi');
+    });
+
+    request(app)
+    .get('/tobi')
+    .expect(200, function(err, res){
+      if (err) return done(err);
+      var headers = res.headers;
+      request(app)
+      .get('/tobi')
+      .expect(200, function(err, res){
+        if (err) return done(err);
+        delete headers.date;
+        delete res.headers.date;
+        assert.deepEqual(res.headers, headers);
+        done();
+      });
+    });
+  })
 })

 describe('app.head()', function(){
--- a/test/app.js
+++ b/test/app.js
@@ -71,4 +71,13 @@ describe('in production', function(){
    app.enabled('view cache').should.be.true;
    process.env.NODE_ENV = 'test';
  })
-})
+})
+
+describe('without NODE_ENV', function(){
+  it('should default to development', function(){
+    process.env.NODE_ENV = '';
+    var app = express();
+    app.get('env').should.equal('development');
+    process.env.NODE_ENV = 'test';
+  })
+})
--- a/test/app.listen.js
+++ b/test/app.listen.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app.listen()', function(){
  it('should wrap with an HTTP server', function(done){
--- a/test/app.locals.js
+++ b/test/app.locals.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app', function(){
  describe('.locals(obj)', function(){
@@ -14,7 +14,7 @@ describe('app', function(){
      app.locals.age.should.equal(2);
    })
  })
-  
+
  describe('.locals.settings', function(){
    it('should expose app settings', function(){
      var app = express();
--- a/test/app.options.js
+++ b/test/app.options.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('OPTIONS', function(){
  it('should default to the routes defined', function(done){
@@ -58,4 +58,4 @@ describe('app.options()', function(){
    .expect('GET')
    .expect('Allow', 'GET', done);
  })
-})
+})
--- a/test/app.param.js
+++ b/test/app.param.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app', function(){
  describe('.param(fn)', function(){
@@ -37,6 +37,11 @@ describe('app', function(){
      });

    })
+
+    it('should fail if not given fn', function(){
+      var app = express();
+      app.param.bind(app, ':name', 'bob').should.throw();
+    })
  })

  describe('.param(names, fn)', function(){
@@ -95,5 +100,61 @@ describe('app', function(){
      .get('/user/123')
      .expect('123', done);
    })
+
+    it('should work with encoded values', function(done){
+      var app = express();
+
+      app.param('name', function(req, res, next, name){
+        req.params.name = name;
+        next();
+      });
+
+      app.get('/user/:name', function(req, res){
+        var name = req.params.name;
+        res.send('' + name);
+      });
+
+      request(app)
+      .get('/user/foo%25bar')
+      .expect('foo%bar', done);
+    })
+
+    it('should catch thrown error', function(done){
+      var app = express();
+
+      app.param('id', function(req, res, next, id){
+        throw new Error('err!');
+      });
+
+      app.get('/user/:id', function(req, res){
+        var id = req.params.id;
+        res.send('' + id);
+      });
+
+      request(app)
+      .get('/user/123')
+      .expect(500, done);
+    })
+
+    it('should defer to next route', function(done){
+      var app = express();
+
+      app.param('id', function(req, res, next, id){
+        next('route');
+      });
+
+      app.get('/user/:id', function(req, res){
+        var id = req.params.id;
+        res.send('' + id);
+      });
+
+      app.get('/:name/123', function(req, res){
+        res.send('name');
+      });
+
+      request(app)
+      .get('/user/123')
+      .expect('name', done);
+    })
  })
 })
--- a/test/app.render.js
+++ b/test/app.render.js
@@ -54,6 +54,27 @@ describe('app', function(){
      })
    })

+    it('should handle render error throws', function(done){
+      var app = express();
+
+      function View(name, options){
+        this.name = name;
+        this.path = 'fale';
+      }
+
+      View.prototype.render = function(options, fn){
+        throw new Error('err!');
+      };
+
+      app.set('view', View);
+
+      app.render('something', function(err, str){
+        err.should.be.ok;
+        err.message.should.equal('err!');
+        done();
+      })
+    })
+
    describe('when the file does not exist', function(){
      it('should provide a helpful error', function(done){
        var app = express();
@@ -74,7 +95,7 @@ describe('app', function(){
        app.render('user.jade', function(err, str){
          // nextTick to prevent cyclic
          process.nextTick(function(){
-            err.message.should.match(/user is not defined/);
+            err.message.should.match(/Cannot read property 'name' of undefined/);
            done();
          });
        })
@@ -132,6 +153,68 @@ describe('app', function(){
        })
      })
    })
+
+    describe('caching', function(){
+      it('should always lookup view without cache', function(done){
+        var app = express();
+        var count = 0;
+
+        function View(name, options){
+          this.name = name;
+          this.path = 'fake';
+          count++;
+        }
+
+        View.prototype.render = function(options, fn){
+          fn(null, 'abstract engine');
+        };
+
+        app.set('view cache', false);
+        app.set('view', View);
+
+        app.render('something', function(err, str){
+          if (err) return done(err);
+          count.should.equal(1);
+          str.should.equal('abstract engine');
+          app.render('something', function(err, str){
+            if (err) return done(err);
+            count.should.equal(2);
+            str.should.equal('abstract engine');
+            done();
+          })
+        })
+      })
+
+      it('should cache with "view cache" setting', function(done){
+        var app = express();
+        var count = 0;
+
+        function View(name, options){
+          this.name = name;
+          this.path = 'fake';
+          count++;
+        }
+
+        View.prototype.render = function(options, fn){
+          fn(null, 'abstract engine');
+        };
+
+        app.set('view cache', true);
+        app.set('view', View);
+
+        app.render('something', function(err, str){
+          if (err) return done(err);
+          count.should.equal(1);
+          str.should.equal('abstract engine');
+          app.render('something', function(err, str){
+            if (err) return done(err);
+            count.should.equal(1);
+            str.should.equal('abstract engine');
+            done();
+          })
+        })
+      })
+    })
  })

  describe('.render(name, options, fn)', function(){
@@ -175,5 +258,37 @@ describe('app', function(){
        done();
      })
    })
+
+    describe('caching', function(){
+      it('should cache with cache option', function(done){
+        var app = express();
+        var count = 0;
+
+        function View(name, options){
+          this.name = name;
+          this.path = 'fake';
+          count++;
+        }
+
+        View.prototype.render = function(options, fn){
+          fn(null, 'abstract engine');
+        };
+
+        app.set('view cache', false);
+        app.set('view', View);
+
+        app.render('something', {cache: true}, function(err, str){
+          if (err) return done(err);
+          count.should.equal(1);
+          str.should.equal('abstract engine');
+          app.render('something', {cache: true}, function(err, str){
+            if (err) return done(err);
+            count.should.equal(1);
+            str.should.equal('abstract engine');
+            done();
+          })
+        })
+      })
+    })
  })
 })
--- a/test/app.request.js
+++ b/test/app.request.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app', function(){
  describe('.request', function(){
--- a/test/app.response.js
+++ b/test/app.response.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app', function(){
  describe('.response', function(){
@@ -19,7 +19,7 @@ describe('app', function(){
      .get('/')
      .expect('HEY', done);
    })
-    
+
    it('should not be influenced by other app protos', function(done){
      var app = express()
        , app2 = express();
@@ -27,7 +27,7 @@ describe('app', function(){
      app.response.shout = function(str){
        this.send(str.toUpperCase());
      };
-      
+
      app2.response.shout = function(str){
        this.send(str);
      };
--- a/test/app.router.js
+++ b/test/app.router.js
@@ -1,14 +1,15 @@

 var express = require('../')
-  , request = require('./support/http')
+  , request = require('supertest')
  , assert = require('assert')
  , methods = require('methods');

 describe('app.router', function(){
  describe('methods supported', function(){
-    methods.forEach(function(method){
+    methods.concat('del').forEach(function(method){
+      if (method === 'connect') return;
+
      it('should include ' + method.toUpperCase(), function(done){
-        if (method == 'delete') method = 'del';
        var app = express();
        var calls = [];

@@ -152,8 +153,8 @@ describe('app.router', function(){
      var app = express();

      app.get(/^\/user\/([0-9]+)\/(view|edit)?$/, function(req, res){
-        var id = req.params.shift()
-          , op = req.params.shift();
+        var id = req.params[0]
+          , op = req.params[1];
        res.end(op + 'ing user ' + id);
      });

@@ -328,8 +329,8 @@ describe('app.router', function(){
      var app = express();

      app.get('/api/*.*', function(req, res){
-        var resource = req.params.shift()
-          , format = req.params.shift();
+        var resource = req.params[0]
+          , format = req.params[1];
        res.end(resource + ' as ' + format);
      });

@@ -563,6 +564,30 @@ describe('app.router', function(){
    })
  })

+  describe('when next("route") is called', function(){
+    it('should jump to next route', function(done){
+      var app = express()
+
+      function fn(req, res, next){
+        res.set('X-Hit', '1')
+        next('route')
+      }
+
+      app.get('/foo', fn, function(req, res, next){
+        res.end('failure')
+      });
+
+      app.get('/foo', function(req, res){
+        res.end('success')
+      })
+
+      request(app)
+      .get('/foo')
+      .expect('X-Hit', '1')
+      .expect(200, 'success', done)
+    })
+  })
+
  describe('when next(err) is called', function(){
    it('should break out of app.router', function(done){
      var app = express()
--- a/test/app.routes.error.js
+++ b/test/app.routes.error.js
@@ -1,5 +1,5 @@
 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app', function(){
  describe('.VERB()', function(){
--- a/test/app.routes.js
+++ b/test/app.routes.js
@@ -1,7 +1,7 @@

 var express = require('../')
  , assert = require('assert')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app.routes', function(){
  it('should be initialized', function(){
--- a/test/app.use.js
+++ b/test/app.use.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('app', function(){
  it('should emit "mount" when mounted', function(done){
@@ -23,7 +23,7 @@ describe('app', function(){
      blog.get('/blog', function(req, res){
        res.end('blog');
      });
-      
+
      app.use(blog);

      request(app)
--- a/test/config.js
+++ b/test/config.js
@@ -13,6 +13,29 @@ describe('config', function(){
      var app = express();
      app.set('foo', undefined).should.equal(app);
    })
+
+    describe('"etag"', function(){
+      it('should throw on bad value', function(){
+        var app = express()
+        app.set.bind(app, 'etag', 42).should.throw(/unknown value/)
+      })
+
+      it('should set "etag fn"', function(){
+        var app = express()
+        var fn = function(){}
+        app.set('etag', fn)
+        app.get('etag fn').should.equal(fn)
+      })
+    })
+
+    describe('"trust proxy"', function(){
+      it('should set "trust proxy fn"', function(){
+        var app = express()
+        var fn = function(){}
+        app.set('trust proxy', fn)
+        app.get('trust proxy fn').should.equal(fn)
+      })
+    })
  })

  describe('.get()', function(){
@@ -91,4 +114,4 @@ describe('config', function(){
      app.disabled('foo').should.be.false;
    })
  })
-})
+})
--- a/test/exports.js
+++ b/test/exports.js
@@ -1,7 +1,7 @@

-var express = require('../')
-  , request = require('./support/http')
-  , assert = require('assert');
+var express = require('../');
+var request = require('supertest');
+var assert = require('assert');

 describe('exports', function(){
  it('should expose connect middleware', function(){
--- a/test/fixtures/.name
+++ b/test/fixtures/.name
@@ -0,0 +1 @@
+tobi
--- a/test/fixtures/blog/index.html
+++ b/test/fixtures/blog/index.html
@@ -0,0 +1 @@
+<b>index</b>
--- a/test/middleware.basic.js
+++ b/test/middleware.basic.js
@@ -1,6 +1,6 @@
 // 
 // var express = require('../')
-//   , request = require('./support/http');
+//   , request = require('supertest');
 // 
 // describe('middleware', function(){
 //   describe('.next()', function(){
--- a/test/regression.js
+++ b/test/regression.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('throw after .end()', function(){
  it('should fail gracefully', function(done){
--- a/test/req.accepted.js
+++ b/test/req.accepted.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.accepted', function(){
--- a/test/req.acceptedCharsets.js
+++ b/test/req.acceptedCharsets.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.acceptedCharsets', function(){
--- a/test/req.acceptedEncodings.js
+++ b/test/req.acceptedEncodings.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.acceptedEncodings', function(){
--- a/test/req.acceptedLanguages.js
+++ b/test/req.acceptedLanguages.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.acceptedLanguages', function(){
--- a/test/req.accepts.js
+++ b/test/req.accepts.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.accepts(type)', function(){
--- a/test/req.acceptsCharset.js
+++ b/test/req.acceptsCharset.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.acceptsCharset(type)', function(){
--- a/test/req.acceptsEncoding.js
+++ b/test/req.acceptsEncoding.js
@@ -0,0 +1,36 @@
+
+var express = require('../')
+  , request = require('supertest');
+
+describe('req', function(){
+  describe('.acceptsEncodings', function(){
+    it('should be true if encoding accpeted', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        req.acceptsEncoding('gzip').should.be.true;
+        req.acceptsEncoding('deflate').should.be.true;
+        res.end();
+      });
+
+      request(app)
+      .get('/')
+      .set('Accept-Encoding', ' gzip, deflate')
+      .expect(200, done);
+    })
+
+    it('should be false if encoding not accpeted', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        req.acceptsEncoding('bogus').should.be.false;
+        res.end();
+      });
+
+      request(app)
+      .get('/')
+      .set('Accept-Encoding', ' gzip, deflate')
+      .expect(200, done);
+    })
+  })
+})
--- a/test/req.acceptsLanguage.js
+++ b/test/req.acceptsLanguage.js
@@ -0,0 +1,53 @@
+
+var express = require('../')
+  , request = require('supertest');
+
+describe('req', function(){
+  describe('.acceptsLanguage', function(){
+    it('should be true if language accpeted', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        req.acceptsLanguage('en-us').should.be.true;
+        req.acceptsLanguage('en').should.be.true;
+        res.end();
+      });
+
+      request(app)
+      .get('/')
+      .set('Accept-Language', 'en;q=.5, en-us')
+      .expect(200, done);
+    })
+
+    it('should be false if language not accpeted', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        req.acceptsLanguage('es').should.be.false;
+        res.end();
+      });
+
+      request(app)
+      .get('/')
+      .set('Accept-Language', 'en;q=.5, en-us')
+      .expect(200, done);
+    })
+
+    describe('when Accept-Language is not present', function(){
+      it('should always return true', function(done){
+        var app = express();
+
+        app.use(function(req, res){
+          req.acceptsLanguage('en').should.be.true;
+          req.acceptsLanguage('es').should.be.true;
+          req.acceptsLanguage('jp').should.be.true;
+          res.end();
+        });
+
+        request(app)
+        .get('/')
+        .expect(200, done);
+      })
+    })
+  })
+})
--- a/test/req.auth.js
+++ b/test/req.auth.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.auth', function(){
--- a/test/req.fresh.js
+++ b/test/req.fresh.js
@@ -1,20 +1,21 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.fresh', function(){
    it('should return true when the resource is not modified', function(done){
      var app = express();
+      var etag = '"12345"';

      app.use(function(req, res){
-        res.set('ETag', '12345');
+        res.set('ETag', etag);
        res.send(req.fresh);
      });

      request(app)
      .get('/')
-      .set('If-None-Match', '12345')
+      .set('If-None-Match', etag)
      .expect(304, done);
    })

@@ -22,14 +23,14 @@ describe('req', function(){
      var app = express();

      app.use(function(req, res){
-        res.set('ETag', '123');
+        res.set('ETag', '"123"');
        res.send(req.fresh);
      });

      request(app)
      .get('/')
-      .set('If-None-Match', '12345')
-      .expect('false', done);
+      .set('If-None-Match', '"12345"')
+      .expect(200, 'false', done);
    })
  })
 })
--- a/test/req.get.js
+++ b/test/req.get.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http')
+  , request = require('supertest')
  , assert = require('assert');

 describe('req', function(){
--- a/test/req.host.js
+++ b/test/req.host.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http')
+  , request = require('supertest')
  , assert = require('assert');

 describe('req', function(){
@@ -18,6 +18,19 @@ describe('req', function(){
      .expect('example.com', done);
    })

+    it('should strip port number', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        res.end(req.host);
+      });
+
+      request(app)
+      .post('/')
+      .set('Host', 'example.com:3000')
+      .expect('example.com', done);
+    })
+
    it('should return undefined otherwise', function(done){
      var app = express();

@@ -30,5 +43,96 @@ describe('req', function(){
      .post('/')
      .expect('undefined', done);
    })
+
+    it('should work with IPv6 Host', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        res.end(req.host);
+      });
+
+      request(app)
+      .post('/')
+      .set('Host', '[::1]')
+      .expect('[::1]', done);
+    })
+
+    it('should work with IPv6 Host and port', function(done){
+      var app = express();
+
+      app.use(function(req, res){
+        res.end(req.host);
+      });
+
+      request(app)
+      .post('/')
+      .set('Host', '[::1]:3000')
+      .expect('[::1]', done);
+    })
+
+    describe('when "trust proxy" is enabled', function(){
+      it('should respect X-Forwarded-Host', function(done){
+        var app = express();
+
+        app.enable('trust proxy');
+
+        app.use(function(req, res){
+          res.end(req.host);
+        });
+
+        request(app)
+        .get('/')
+        .set('Host', 'localhost')
+        .set('X-Forwarded-Host', 'example.com')
+        .expect('example.com', done);
+      })
+
+      it('should ignore X-Forwarded-Host if socket addr not trusted', function(done){
+        var app = express();
+
+        app.set('trust proxy', '10.0.0.1');
+
+        app.use(function(req, res){
+          res.end(req.host);
+        });
+
+        request(app)
+        .get('/')
+        .set('Host', 'localhost')
+        .set('X-Forwarded-Host', 'example.com')
+        .expect('localhost', done);
+      })
+
+      it('should default to Host', function(done){
+        var app = express();
+
+        app.enable('trust proxy');
+
+        app.use(function(req, res){
+          res.end(req.host);
+        });
+
+        request(app)
+        .get('/')
+        .set('Host', 'example.com')
+        .expect('example.com', done);
+      })
+    })
+
+    describe('when "trust proxy" is disabled', function(){
+      it('should ignore X-Forwarded-Host', function(done){
+        var app = express();
+
+        app.use(function(req, res){
+          res.end(req.host);
+        });
+
+        request(app)
+        .get('/')
+        .set('Host', 'localhost')
+        .set('X-Forwarded-Host', 'evil')
+        .expect('localhost', done);
+      })
+    })
  })
 })
--- a/test/req.ip.js
+++ b/test/req.ip.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.ip', function(){
@@ -20,6 +20,21 @@ describe('req', function(){
          .set('X-Forwarded-For', 'client, p1, p2')
          .expect('client', done);
        })
+
+        it('should return the addr after trusted proxy', function(done){
+          var app = express();
+
+          app.set('trust proxy', 2);
+
+          app.use(function(req, res, next){
+            res.send(req.ip);
+          });
+
+          request(app)
+          .get('/')
+          .set('X-Forwarded-For', 'client, p1, p2')
+          .expect('p1', done);
+        })
      })

      describe('when "trust proxy" is disabled', function(){
@@ -30,10 +45,9 @@ describe('req', function(){
            res.send(req.ip);
          });

-          request(app)
-          .get('/')
-          .set('X-Forwarded-For', 'client, p1, p2')
-          .expect('127.0.0.1', done);
+          var test = request(app).get('/')
+          test.set('X-Forwarded-For', 'client, p1, p2')
+          test.expect(200, getExpectedClientAddress(test._server), done);
        })
      })
    })
@@ -48,10 +62,19 @@ describe('req', function(){
          res.send(req.ip);
        });

-        request(app)
-        .get('/')
-        .expect('127.0.0.1', done);
+          var test = request(app).get('/')
+          test.expect(200, getExpectedClientAddress(test._server), done);
      })
    })
  })
 })
+
+/**
+ * Get the local client address depending on AF_NET of server
+ */
+
+function getExpectedClientAddress(server) {
+  return server.address().address === '::'
+    ? '::ffff:127.0.0.1'
+    : '127.0.0.1';
+}
--- a/test/req.ips.js
+++ b/test/req.ips.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.ips', function(){
@@ -20,6 +20,21 @@ describe('req', function(){
          .set('X-Forwarded-For', 'client, p1, p2')
          .expect('["client","p1","p2"]', done);
        })
+
+        it('should stop at first untrusted', function(done){
+          var app = express();
+
+          app.set('trust proxy', 2);
+
+          app.use(function(req, res, next){
+            res.send(req.ips);
+          });
+
+          request(app)
+          .get('/')
+          .set('X-Forwarded-For', 'client, p1, p2')
+          .expect('["p1","p2"]', done);
+        })
      })

      describe('when "trust proxy" is disabled', function(){
--- a/test/req.is.js
+++ b/test/req.is.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 function req(ct) {
  var req = {
--- a/test/req.param.js
+++ b/test/req.param.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest')

 describe('req', function(){
  describe('.param(name, default)', function(){
@@ -29,7 +29,7 @@ describe('req', function(){
      .get('/?name=tj')
      .expect('tj', done);
    })
-    
+
    it('should check req.body', function(done){
      var app = express();

@@ -44,7 +44,7 @@ describe('req', function(){
      .send({ name: 'tj' })
      .expect('tj', done);
    })
-    
+
    it('should check req.params', function(done){
      var app = express();

--- a/test/req.path.js
+++ b/test/req.path.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.path', function(){
--- a/test/req.protocol.js
+++ b/test/req.protocol.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.protocol', function(){
@@ -32,6 +32,36 @@ describe('req', function(){
        .expect('https', done);
      })

+      it('should default to the socket addr if X-Forwarded-Proto not present', function(done){
+        var app = express();
+
+        app.enable('trust proxy');
+
+        app.use(function(req, res){
+          req.connection.encrypted = true;
+          res.end(req.protocol);
+        });
+
+        request(app)
+        .get('/')
+        .expect('https', done);
+      })
+
+      it('should ignore X-Forwarded-Proto if socket addr not trusted', function(done){
+        var app = express();
+
+        app.set('trust proxy', '10.0.0.1');
+
+        app.use(function(req, res){
+          res.end(req.protocol);
+        });
+
+        request(app)
+        .get('/')
+        .set('X-Forwarded-Proto', 'https')
+        .expect('http', done);
+      })
+
      it('should default to http', function(done){
        var app = express();

--- a/test/req.query.js
+++ b/test/req.query.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.query', function(){
@@ -18,7 +18,7 @@ describe('req', function(){
        done();
      });
    })
-    
+
    it('should contain the parsed query-string', function(done){
      var app = express();

--- a/test/req.range.js
+++ b/test/req.range.js
@@ -1,5 +1,6 @@

-var express = require('../');
+var assert = require('assert');
+var express = require('..');

 function req(ret) {
  return {
@@ -27,5 +28,11 @@ describe('req', function(){
      ret.type = 'users';
      req('users=0-').range(Infinity).should.eql(ret);
    })
+
+    it('should return undefined if no range', function(){
+      var ret = [{ start: 0, end: 50 }, { start: 60, end: 100 }];
+      ret.type = 'bytes';
+      assert(req('').range(120) === undefined);
+    })
  })
 })
--- a/test/req.route.js
+++ b/test/req.route.js
@@ -1,6 +1,6 @@

 var express = require('../')
-  , request = require('./support/http');
+  , request = require('supertest');

 describe('req', function(){
  describe('.route', function(){
@@ -12,7 +12,7 @@ describe('req', function(){
        req.route.path.should.equal('/user/:id/:op?');
        next();
      });
-      
+
      app.get('/user/:id/edit', function(req, res){
        req.route.method.should.equal('get');
        req.route.path.should.equal('/user/:id/edit');
--- a/Show More
+++ b/Show More