2.0.1 • Published 7 years ago

resheader v2.0.1

resheader

Parser for Response Header


Usage

npm install resheader --save

// or

yarn add resheader

Import the methods:

var {
  parseHSTS,
  parseHPKP,
  parseCSP
} = require('resheader');

Parse a config object for HPKP:

let hpkpConf = {
  maxAge: 1000,
  sha256s: ['12345678', '9ABCDEF0'],
  includeSubdomains: true,
  reportOnly: false,
  reportUri: '/hpkp-report'
}

let hpkpHeader = parseHPKP(hpkpConf);

console.log(hpkpHeader);
// { 'Public-Key-Pins': 'pin-sha256="12345678"; pin-sha256="9ABCDEF0"; max-age=1000;' }

You can then add this value to the response headers for better security.

APIs

  • parseHSTS(Object hstsConfig)
  • parseHPKP(Object hpkpConfig)
  • parseCSP(Object cspConfig)
  • getRecommended()

For example, in mdl-skeleton, I started using this module as a replacement for helmet, in a very simple way:

mdl-skeleton/configs/headers/index.js

var base = require('./base');
var csp = require('./csp');
var hsts = require('./hsts');
var hpkp = require('./hpkp');

var {
  parseHSTS,
  parseHPKP,
  parseCSP
} = require('resheader');


var h = Object.assign(base, parseHSTS(hsts), parseHPKP(hpkp), parseCSP(csp));

module.exports = h;

These configured header properties will be applied to all responses:

mdl-skeleton/server.js

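const Koa = require('koa');
// `config.headers` is the object exported by configs/headers/index.js above;
// loading it this way is an assumption, the original excerpt omits it
const config = { headers: require('./configs/headers') };

const app = new Koa();

// Set the configured headers on every response once downstream middleware has run
app.use(async (ctx, next) => {
  await next();
  ctx.set(config.headers);
});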
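Because the merged object is set on every response, it is worth linting before it is wired in. The following is an added example, not part of resheader or mdl-skeleton: parseDirectives, isSha256Pin, auditHeaders and the 180-day HSTS floor are assumptions made for illustration.

```javascript
// Added example: lint a header object before it is set on every response.
// All function names and thresholds here are illustrative, not resheader APIs.

// Split 'a=1; b="x"; flag' into [name, value] pairs (names lower-cased, quotes stripped).
function parseDirectives(value) {
  return String(value).split(';').map(s => s.trim()).filter(Boolean).map(part => {
    const eq = part.indexOf('=');
    if (eq === -1) return [part.toLowerCase(), true];
    return [part.slice(0, eq).trim().toLowerCase(), part.slice(eq + 1).trim().replace(/^"|"$/g, '')];
  });
}

// True when `pin` is base64 for exactly 32 bytes, i.e. the size of a SHA-256 digest.
function isSha256Pin(pin) {
  return /^[A-Za-z0-9+/]{43}=$/.test(pin) && Buffer.from(pin, 'base64').length === 32;
}

// Return a list of findings; an empty list means no issue was detected.
function auditHeaders(headers, minHstsAge = 15552000) { // assumed floor: 180 days
  const findings = [];
  const get = name => {
    const key = Object.keys(headers).find(k => k.toLowerCase() === name);
    return key === undefined ? undefined : headers[key];
  };
  const hsts = get('strict-transport-security');
  if (hsts === undefined) findings.push('HSTS: header missing');
  else {
    const age = new Map(parseDirectives(hsts)).get('max-age');
    if (!/^\d+$/.test(age)) findings.push('HSTS: max-age missing or not an integer');
    else if (Number(age) < minHstsAge) findings.push(`HSTS: max-age ${age} below ${minHstsAge}`);
  }
  const hpkp = get('public-key-pins'); // optional header, checked only when present
  if (hpkp !== undefined) {
    const dirs = parseDirectives(hpkp);
    const pins = dirs.filter(([n]) => n === 'pin-sha256').map(([, v]) => v);
    if (!dirs.some(([n]) => n === 'max-age')) findings.push('HPKP: max-age missing');
    if (pins.length < 2) findings.push('HPKP: fewer than two pins, no backup pin');
    for (const p of pins) if (!isSha256Pin(p)) findings.push(`HPKP: "${p}" is not a base64 SHA-256 digest`);
  }
  return findings;
}

// Constructed sample: a short HSTS lifetime plus the placeholder pins from the HPKP example.
const sample = {
  'Strict-Transport-Security': 'max-age=3600; includeSubDomains',
  'Public-Key-Pins': 'pin-sha256="12345678"; pin-sha256="9ABCDEF0"; max-age=1000;'
};
console.log(auditHeaders(sample));
```

The pins '12345678' and '9ABCDEF0' in the usage example are placeholders; a real pin is the base64-encoded SHA-256 digest of a certificate's SubjectPublicKeyInfo, which is 44 characters long.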

Test

git clone https://github.com/ndaidong/resheader.git
cd resheader
npm install
npm test

License

The MIT License (MIT)

2.0.1

7 years ago

2.0.0

7 years ago

1.2.5

7 years ago

1.2.0

7 years ago

1.1.0

7 years ago

1.0.0

7 years ago