0.1.4 • Published 7 months ago

@lottojs/secure-headers v0.1.4


About The Project

A middleware for Node.js applications that sets secure HTTP headers, mitigating common web vulnerabilities by enforcing headers for XSS protection, content security policy, strict transport security, MIME type sniffing prevention, and more. It was initially created to serve the @lottojs/lotto package, but nothing prevents the community from using it as well.

Documentation

Complete API documentation is available at lottojs.tech.

Getting Started

Installation

 npm i @lottojs/secure-headers

Usage

The package provides middleware named secureHeaders. This middleware should be applied within your server handlers to set the necessary secure HTTP headers. These headers help in preventing various web vulnerabilities.

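    import { createServer } from 'node:http';
    import type { IncomingMessage, ServerResponse } from 'node:http';
    import { secureHeaders } from '@lottojs/secure-headers';

    createServer(
        async (req: IncomingMessage, res: ServerResponse) => {
            // ...

            // Named `options` so it does not shadow the imported secureHeaders function.
            const options = {
                // ...
                xContentTypeOptions: 'nosniff',
                // Legacy header: current major browsers have removed the XSS filter it controls.
                xXssProtection: '1; mode=block',
                contentSecurityPolicy: "default-src 'self'",
                // includeSubDomains and preload commit every subdomain to HTTPS.
                strictTransportSecurity:
                    'max-age=31536000; includeSubDomains; preload',
                xFrameOptions: 'DENY',
                cacheControl: 'no-store, no-cache, must-revalidate, private',
                // ...
            };

            // `next` is assumed to be defined in the elided handler code.
            secureHeaders(options)(res, next())
            // ...
        },
    )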
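
To confirm that a response actually carries the values configured above, the following added example (not part of @lottojs/secure-headers) audits a header object such as the one returned by Node's `res.getHeaders()`. It assumes the option keys map to the standard HTTP header names; `parseCsp`, `RULES` and `auditSecureHeaders` are names chosen for this example.

```javascript
// Added example, not part of @lottojs/secure-headers. Assumption: the README's
// option keys map to the standard header names used as keys in RULES.
// Split a CSP value into a Map of directive name -> lower-cased source tokens.
function parseCsp(value) {
  const directives = new Map();
  for (const part of value.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored by browsers, so the first one wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources.map((s) => s.toLowerCase()));
    }
  }
  return directives;
}

// Each rule returns null when the value is acceptable, otherwise a reason.
const RULES = {
  'x-content-type-options': (v) => (v.trim().toLowerCase() === 'nosniff' ? null : 'expected nosniff'),
  'x-frame-options': (v) => (['deny', 'sameorigin'].includes(v.trim().toLowerCase()) ? null : 'expected DENY or SAMEORIGIN'),
  'content-security-policy': (v) => {
    const csp = parseCsp(v);
    if (!csp.has('default-src')) return 'no default-src fallback';
    // script-src falls back to default-src when it is absent.
    const script = csp.get('script-src') ?? csp.get('default-src');
    const weak = script.filter((s) => ["'unsafe-inline'", "'unsafe-eval'", '*'].includes(s));
    return weak.length ? `scripts allow ${weak.join(' ')}` : null;
  },
  'strict-transport-security': (v) => {
    const m = /(?:^|;)\s*max-age\s*=\s*"?(\d+)/i.exec(v);
    if (!m) return 'no max-age directive';
    return Number(m[1]) >= 31536000 ? null : 'max-age below 31536000 (one year)';
  },
  'cache-control': (v) => (/(^|,)\s*no-store\s*(,|$)/i.test(v) ? null : 'no-store not set'),
};

// headers: an object such as the one returned by res.getHeaders().
function auditSecureHeaders(headers) {
  const seen = new Map();
  for (const [k, v] of Object.entries(headers)) seen.set(k.toLowerCase(), [].concat(v).join(', '));
  const findings = [];
  for (const [name, check] of Object.entries(RULES)) {
    const reason = seen.has(name) ? check(seen.get(name)) : 'header missing';
    if (reason) findings.push({ header: name, reason });
  }
  return findings;
}

// Constructed sample: short HSTS lifetime, the other four headers absent.
console.log(auditSecureHeaders({ 'Strict-Transport-Security': 'max-age=3600' }));
```

The CSP rule does not model nonce or hash sources, which cause browsers to ignore `'unsafe-inline'`. X-XSS-Protection is not audited because current major browsers no longer act on it.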

Contributing

All forms of contributions are more than welcome! You can contribute in the following ways:

  • Create an Issue
  • Create a Pull Request
  • Create third-party middlewares
  • Share with your friends
  • Make your application with Lotto.

For more details, see Contribution Guide.

License

Distributed under the MIT License. See LICENSE for more information.

0.1.4

7 months ago

0.1.3

7 months ago

0.1.2

7 months ago

0.1.1

7 months ago

0.1.0

7 months ago