1.0.0 • Published 3 years ago

@httpland/coop-middleware v1.0.0

Weekly downloads
-
License
MIT
Repository
github
Last release
3 years ago

coop-middleware

deno land deno doc GitHub release (latest by date) codecov GitHub

test NPM

HTTP cross-origin opener policy(COOP) middleware.

Compliant with HTML Living Standard, 7.1.3 Cross-origin opener policies.

Middleware

For a definition of Universal HTTP middleware, see the http-middleware project.

Usage

Middleware adds the Cross-Origin-Opener-Policy header to the response.

import {
  coop,
  type Handler,
} from "https://deno.land/x/coop_middleware@$VERSION/mod.ts";
import { assert } from "https://deno.land/std/testing/asserts.ts";

declare const request: Request;
declare const handler: Handler;

const middleware = coop();
const response = await middleware(request, handler);

assert(response.headers.has("cross-origin-opener-policy"));

yield:

Cross-Origin-Opener-Policy: same-origin

Options

The middleware factory accepts the following fields:

NameTypeDefaultDescription
policy"unsafe-none" | "same-origin-allow-popups" | "same-origin""same-origin"Embedder policy value.
reportTostring-Reporting endpoint name.
reportOnlybooleanfalseWhether the header is report-only or not.

policy

If specified, change the cross-origin opener policy value.

import { coop } from "https://deno.land/x/coop_middleware@$VERSION/middleware.ts";

const middleware = coop({ policy: "same-origin-allow-popups" });

yield:

Cross-Origin-Opener-Policy: same-origin-allow-popups

reportTo

If specified, adds a report-to param to the output.

import { coop } from "https://deno.land/x/coop_middleware@$VERSION/middleware.ts";

const middleware = coop({ reportTo: "default" });

yield:

Cross-Origin-Opener-Policy: same-origin;report-to=default

reportOnly

Depending on the value, the header will be:

ValueField name
trueCross-Origin-Opener-Policy-Report-Only
falseCross-Origin-Opener-Policy
import { coop } from "https://deno.land/x/coop_middleware@$VERSION/middleware.ts";

const middleware = coop({ reportOnly: true });

yield:

Cross-Origin-Opener-Policy-Report-Only: same-origin

Throwing error

If serialization of opener policy fails, it may throw TypeError.

The following cases are failures:

import { coop } from "https://deno.land/x/coop_middleware@$VERSION/middleware.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";

assertThrows(() => coop({ reportTo: "<invalid>" }));

Conditions

Middleware will execute if all of the following conditions are met:

  • Response does not include Cross-Origin-Opener-Policy header
  • Response does not include Cross-Origin-Opener-Policy-Report-Only header

Effects

Middleware may make changes to the following elements of the HTTP message.

  • HTTP Headers
    • Cross-Origin-Opener-Policy
    • Cross-Origin-Opener-Policy-Report-Only

API

All APIs can be found in the deno doc.

License

Copyright © 2023-present httpland.

Released under the MIT license

httpmiddlewareheadercoopcross-originopener-policycross-origin-opener-policycross-origin-opener-policy-report-onlypolicyreport-tosecurityfetch-api
@httpland/http-middleware@httpland/http-utils@httpland/sfv-parser@miyauci/isx
@everything-registry/sub-chunk-404
1.0.0

3 years ago

1.0.0-beta.1

3 years ago