2.0.1 • Published 7 years ago
resheader v2.0.1
resheader
Parser for Response Header
Usage
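# Install from the npm registry (--save is already the default on npm 5 and later).
# 2.0.1 is the release this page documents; check the package's maintenance
# status before relying on it to produce security headers.
npm install resheader --save
# or
yarn add resheader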
Import the methods:
var {
parseHSTS,
parseHPKP,
parseCSP
} = require('resheader');
Parse a config object for HPKP:
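// Example HPKP configuration passed to parseHPKP.
// Public-Key-Pins is deprecated and ignored by current major browsers, so read
// this as an illustration of the API rather than a header to deploy.
// The sha256s entries are placeholders: a real pin-sha256 value is the
// base64-encoded SHA-256 digest of a certificate's Subject Public Key Info.
const hpkpConf = {
  maxAge: 1000, // appears as max-age in the sample output below
  sha256s: ['12345678', '9ABCDEF0'],
  includeSubdomains: true,
  reportOnly: false,
  reportUri: '/hpkp-report',
};

// The result is an object keyed by header name (see the sample output), so it
// can be merged straight into a map of response headers.
const hpkpHeader = parseHPKP(hpkpConf);
console.log(hpkpHeader);
// { 'Public-Key-Pins': 'pin-sha256="12345678"; pin-sha256="9ABCDEF0"; max-age=1000;' }
// NOTE(review): includeSubdomains and reportUri are set above, yet neither
// includeSubDomains nor report-uri appears in this sample output. Confirm what
// the installed version actually emits before relying on either option.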
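You can then add this value to your response headers for better security. Note that HPKP (the Public-Key-Pins header) has since been deprecated and is no longer honoured by current major browsers, so in practice the HSTS and CSP helpers are the ones that still affect how browsers treat your site.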
APIs
- parseHSTS(Object hstsConfig)
- parseHPKP(Object hpkpConfig)
- parseCSP(Object cspConfig)
- getRecommended()
For example, in mdl-skeleton I started using this module as a replacement for helmet, in a very simple way:
mdl-skeleton/configs/headers/index.js
var base = require('./base');
var csp = require('./csp');
var hsts = require('./hsts');
var hpkp = require('./hpkp');
var {
parseHSTS,
parseHPKP,
parseCSP
} = require('resheader');
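// Merge into a fresh object. Object.assign(base, ...) would write the generated
// headers into the object exported by ./base, silently changing it for every
// other module that requires it.
// Later sources win, so a generated HSTS/HPKP/CSP entry replaces a same-named
// key coming from base.
const h = Object.assign({}, base, parseHSTS(hsts), parseHPKP(hpkp), parseCSP(csp));
module.exports = h;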
These configured header properties will be applied to all responses:
const app = new Koa();

// Stamp the configured headers on each response once the rest of the
// middleware chain has finished.
app.use(async function applyConfiguredHeaders(ctx, next) {
  // Downstream middleware runs first, so the values set below replace any
  // same-named header it wrote.
  await next();
  // Not reached when next() rejects: a response produced by an error thrown
  // downstream will not carry these headers from this middleware.
  ctx.set(config.headers);
});
Test
# Fetch the source and move into the checkout.
git clone https://github.com/ndaidong/resheader.git
cd resheader
# Install the dependencies (this also executes any install-time lifecycle
# scripts they declare), then run the test script defined in package.json.
npm install
npm test
License
The MIT License (MIT)