0.10.3 • Published 2 months ago

@mcansh/http-helmet v0.10.3

Weekly downloads
-
License
MIT
Repository
github
Last release
2 months ago

HTTP Helmet

easily add CSP and other security headers to your web application.

Install

# npm
npm i @mcansh/http-helmet

Usage

basic example using hono

import crypto from "node:crypto";

import { serve } from "@hono/node-server";
import { Hono } from "hono";
import { createSecureHeaders } from "@mcansh/http-helmet";

const app = new Hono();

let html = String.raw;

app.get("/", () => {
  let nonce = crypto.randomBytes(16).toString("base64");

  let headers = createSecureHeaders({
    "Content-Security-Policy": {
      defaultSrc: ["'self'"],
      scriptSrc: ["'self'", `'nonce-${nonce}'`],
    },
  });

  headers.append("Content-Type", "text/html; charset=utf-8");

  return new Response(
    html`
      <!doctype html>
      <html lang="en">
        <head>
          <meta charset="UTF-8" />
          <meta
            name="viewport"
            content="width=device-width, initial-scale=1.0"
          />
          <title>Hello World</title>
        </head>
        <body>
          <h1>Hello World</h1>

          <script nonce="${nonce}">
            console.log("nonce configured");
          </script>

          <script>
            alert("nonce not configured");
          </script>
        </body>
      </html>
    `,
    { headers },
  );
});

serve(app, (info) => {
  console.log(`✅ app ready: http://${info.address}:${info.port}`);
});
type-fest
@everything-registry/sub-chunk-589@mcansh/remix-secure-headers
0.10.3

2 months ago

0.0.0-experimental-503c1f0

3 months ago

0.0.0-experimental-f26e920

3 months ago

0.10.2

3 months ago

0.0.0-experimental-854d264

3 months ago

0.10.1

4 months ago

0.0.0-experimental-ffc66da

5 months ago

0.10.0

5 months ago

0.0.0-experimental-52fcb20

5 months ago

0.9.0

6 months ago

0.8.2

6 months ago

0.8.1

9 months ago

0.8.0

9 months ago