0.3.0 • Published 6 years ago

fastify-frame-guard v0.3.0

Weekly downloads
16
License
MIT
Repository
github
Last release
6 years ago

fastify-frame-guard

Build Status Code coverage Code style Dependency Status Dev Dependency Status NPM version NPM downloads NPM license

Fastify plugin to set the X-Frame-Options header, mitigating things like clickjacking

Why?

You may know frameguard as a frameguard middleware used in helmet. And you could use it as a middleware in fastify also. So why i made this plugin?

You may find the reason in benchmark result and wish you like it. :)

Difference

This plugin has passed all frameguard test cases. And no difference in options.

Install

Via npm:

npm i fastify-frame-guard

Via yarn:

yarn add fastify-frame-guard

Usage

const fastify = require('fastify');
const fastifyFrameGuard = require('fastify-frame-guard');

const app = fastify();
app.register(fastifyFrameGuard, {
  // Your options
});

app.listen(3000, err => {
  if (err) throw err;
});

Options

This plugin has all options which the middleware in helmet gives and support a new option allowedDomains.

action {string}

Specify the action for this plugin which could be DENY, SAMEORIGIN or ALLOW-FROM. Default is SAMEORIGIN. Case insensitivity.

  • DENY: couldn't be framed
  • SAMEORIGIN: could only be framed from the same origin
  • ALLOW-FROM: could be framed from domain option
  • others: use default value

domain {string}

Specify the allowed domain for ALLOW-FROM action.

Changelog

  • 0.3.0
    • Drop allowedDomains option
    • Update test case
  • 0.2.0
    • Add test case
    • Add code coverage
    • Add benchmarks
  • 0.1.0:
    • Init version