0.10.3 • Published 2 months ago
@mcansh/http-helmet v0.10.3
HTTP Helmet
easily add CSP and other security headers to your web application.
Install
# npm
npm i @mcansh/http-helmet
Usage
basic example using hono
import crypto from "node:crypto";
import { serve } from "@hono/node-server";
import { Hono } from "hono";
import { createSecureHeaders } from "@mcansh/http-helmet";
const app = new Hono();
let html = String.raw;
app.get("/", () => {
let nonce = crypto.randomBytes(16).toString("base64");
let headers = createSecureHeaders({
"Content-Security-Policy": {
defaultSrc: ["'self'"],
scriptSrc: ["'self'", `'nonce-${nonce}'`],
},
});
headers.append("Content-Type", "text/html; charset=utf-8");
return new Response(
html`
<!doctype html>
<html lang="en">
<head>
<meta charset="UTF-8" />
<meta
name="viewport"
content="width=device-width, initial-scale=1.0"
/>
<title>Hello World</title>
</head>
<body>
<h1>Hello World</h1>
<script nonce="${nonce}">
console.log("nonce configured");
</script>
<script>
alert("nonce not configured");
</script>
</body>
</html>
`,
{ headers },
);
});
serve(app, (info) => {
console.log(`✅ app ready: http://${info.address}:${info.port}`);
});
0.10.3
2 months ago
0.0.0-experimental-503c1f0
3 months ago
0.0.0-experimental-f26e920
3 months ago
0.10.2
3 months ago
0.0.0-experimental-854d264
3 months ago
0.10.1
4 months ago
0.0.0-experimental-ffc66da
5 months ago
0.10.0
5 months ago
0.0.0-experimental-52fcb20
5 months ago
0.9.0
6 months ago
0.8.2
6 months ago
0.8.1
9 months ago
0.8.0
9 months ago