Nonsense Placement Mandatory

    @skazka/server-helmet

    0.0.9 • Public • Published

    Server Helmet

    It helps to secure your Skazka server by setting various HTTP headers.

    NPM

    How to install

    npm i @skazka/server @skazka/server-helmet
    

    With yarn:

    yarn add @skazka/server @skazka/server-helmet
    

    Optionally you can add http server, error handler, logger, router, request and response:

    npm i @skazka/server-http @skazka/server-router @skazka/server-error @skazka/server-logger @skazka/server-request @skazka/server-response
    

    With yarn:

    yarn add @skazka/server-http @skazka/server-router @skazka/server-error @skazka/server-logger @skazka/server-request @skazka/server-response
    

    How to use

    const App = require('@skazka/server');
    const Router = require('@skazka/server-router');
    
    const helmet = require('@skazka/server-helmet');
            
    const error = require('@skazka/server-error');
    const logger = require('@skazka/server-logger');
    
    const request = require('@skazka/server-request');
    const response = require('@skazka/server-response');
            
    const server = require('@skazka/server-http');
            
    const app = new App();
    const router = new Router();
            
    app.all([
      error(),
      logger(),
      request(),
      response(),
      helmet(),
    ]);
        
    app.then(async (ctx) => {
      // it works for each request
    });
        
    router.get('/data').then(async (ctx) => {
      return ctx.response('data'); 
    });
            
    app.then(router.resolve());
            
    server.createHttpServer(app);

    Or with options:

    app.all([
      helmet({
        frameguard: false,
        ...
      })
    ]);

    You can also use its pieces individually:

     app.all([
       helmet.contentSecurityPolicy({
         directives: {
           defaultSrc: ["'self'", 'default.com'],
         },
       }),
       helmet.dnsPrefetchControl(),
       helmet.expectCt(),
       helmet.featurePolicy({
         features: {
           fullscreen: ['"self"'],
         },
       }),
       helmet.frameguard(),
       helmet.hidePoweredBy(),
       helmet.hpkp({
         maxAge: 7776000,
         sha256s: ['AbCdEf123=', 'ZyXwVu456='],
       }),
       helmet.hsts({
         maxAge: 7776000,
       }),
       helmet.ieNoOpen(),
       helmet.noCache(),
       helmet.noSniff(),
       helmet.permittedCrossDomainPolicies(),
       helmet.referrerPolicy(),
       helmet.xssFilter(),
     ]);

    How it works

    Helmet is a collection of 14 smaller middleware functions that set HTTP response headers. Running app.than(helmet()) will not include all of these middleware functions by default.

    Module Default?
    contentSecurityPolicy for setting Content Security Policy
    crossdomain for handling Adobe products' crossdomain requests
    dnsPrefetchControl controls browser DNS prefetching
    expectCt for handling Certificate Transparency
    featurePolicy to limit your site's features
    frameguard to prevent clickjacking
    hidePoweredBy to remove the X-Powered-By header
    hpkp for HTTP Public Key Pinning
    hsts for HTTP Strict Transport Security
    ieNoOpen sets X-Download-Options for IE8+
    noCache to disable client-side caching
    noSniff to keep clients from sniffing the MIME type
    referrerPolicy to hide the Referer header
    xssFilter adds some small XSS protections

    You can see more in the documentation.

    Install

    npm i @skazka/server-helmet

    DownloadsWeekly Downloads

    1

    Version

    0.0.9

    License

    MIT

    Unpacked Size

    5.78 kB

    Total Files

    3

    Last publish

    Collaborators

    • evheniy.bystrov
    • skazkajs