1.0.1 • Published 4 years ago

felid-helmet v1.0.1

Weekly downloads
2
License
MIT
Repository
github
Last release
4 years ago

felid-helmet

npm version Build Status JavaScript Style Guide

Using Helmet middlewares in your Felid app to help improving security.

Install

npm install felid-helmet

or

yarn add felid-helmet

Usage

const Felid = require('felid')
const helmet = require('felid-helmet')

const app = new Felid()
app.plugin(helmet, options)

The following table displays all middlewares in Helmet, and the default ones. (Data comes from Helmet's doc)

ModuleDefault?
contentSecurityPolicy for setting Content Security Policy
crossdomain for handling Adobe products' crossdomain requests
dnsPrefetchControl controls browser DNS prefetching
expectCt for handling Certificate Transparency
featurePolicy to limit your site's features
frameguard to prevent clickjacking
hidePoweredBy to remove the X-Powered-By header
hpkp for HTTP Public Key Pinning
hsts for HTTP Strict Transport Security
ieNoOpen sets X-Download-Options for IE8+
noCache to disable client-side caching
noSniff to keep clients from sniffing the MIME type
referrerPolicy to hide the Referer header
xssFilter adds some small XSS protections

Pass an option to the middleware:

app.use(helmet, {
  xssFilter: { mode: null }
})

Disable a default middleware:

app.use(helmet, { xssFilter: false })

To enable a middleware, you can set the property to true (and use the default option), or just pass the option to it.

app.use(helmet, {
  expectCt: { maxAge: 123 },
  hpkp: true
})

For more information, please check the official documentation of Helmet.

License

MIT

helmethttp-headerssecurityfelidfelid-plugin
dns-prefetch-controldont-sniff-mimetypeexpect-ctfeature-policyframeguardhelmet-crossdomainhelmet-csphide-powered-byhstsienoopennocachereferrer-policyx-xss-protection
@everything-registry/sub-chunk-1657@infinitebrahmanuniverse/nolb-fel@zalastax/nolb-fel
1.0.1

4 years ago

1.0.0

4 years ago