fastify-hsts
Fastify plugin for HTTP Strict Transport Security
Why?
You may know hsts as the HSTS middleware used in helmet, and you could also use it as a middleware in fastify. So why did I make this plugin?
You may find the reason in the benchmark results, and I hope you like it. :)
Difference
This plugin has passed all hsts test cases. But there are some differences from hsts:
- Will use the default value if there is no maxAge option or it's invalid.
- Will ignore setIf if it's not a function.
Install
Via npm:
npm i fastify-hsts
Via yarn:
yarn add fastify-hsts
Usage
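const fastify = require('fastify');
const fastifyHsts = require('fastify-hsts');
const app = fastify();
// Register the plugin; pass the options described below as the second argument
app.register(fastifyHsts);
// Port 3000 is an example value
app.listen({ port: 3000 });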
Options
This plugin has the same options as the middleware in helmet.
maxAge {number}
Set max-age in the header. Default is 15552000, which means 180 days in seconds. The plugin will use the default value if you pass in a non-numeric value.
includeSubDomains {boolean}
Set the includeSubDomains value in the header. Default is true. You can see more information here for this value.
includeSubdomains {boolean}
Alias to includeSubDomains.
preload {boolean}
Set the preload value in the header. Default is false. You can see more information here for this value.
setIf {function}
This plugin will always set the header since the header is ignored in insecure HTTP. But if you wish to set it conditionally, you could use this.
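app.register(fastifyHsts, {
  // Argument names are assumed here, following the helmet middleware's setIf(req, res)
  setIf: (request, reply) => {
    // Return a truthy value to set the header for this request
    return request.headers['x-forwarded-proto'] === 'https'; // example condition
  }
});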
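As an added illustration (not fastify-hsts source code), this standalone JavaScript shows how the options above map to a Strict-Transport-Security value and checks the result against the hstspreload.org submission requirements. The function names, the treatment of negative or non-finite maxAge as invalid, and the alias precedence are assumptions.

```javascript
// Added example, not fastify-hsts source code.
const DEFAULT_MAX_AGE = 15552000; // 180 days in seconds, the default stated above
const PRELOAD_MIN_MAX_AGE = 31536000; // one year, the minimum hstspreload.org accepts

function buildHstsHeader(opts = {}) {
  // Assumption: "invalid" means anything that is not a finite, non-negative number.
  const valid = typeof opts.maxAge === 'number' &&
    Number.isFinite(opts.maxAge) && opts.maxAge >= 0;
  const maxAge = valid ? Math.round(opts.maxAge) : DEFAULT_MAX_AGE;

  // includeSubdomains is the documented alias; the canonical spelling
  // wins if both are given (assumption).
  const sub = opts.includeSubDomains !== undefined ? opts.includeSubDomains
    : opts.includeSubdomains !== undefined ? opts.includeSubdomains
    : true;

  const parts = [`max-age=${maxAge}`];
  if (sub) parts.push('includeSubDomains');
  if (opts.preload) parts.push('preload');
  return parts.join('; ');
}

// setIf is ignored unless it is a function, so the header is set by default.
function shouldSetHeader(opts, request, reply) {
  return typeof opts.setIf === 'function' ? Boolean(opts.setIf(request, reply)) : true;
}

// Returns the reasons a header value would be rejected for preload submission.
function preloadProblems(headerValue) {
  const directives = headerValue.split(';').map((d) => d.trim().toLowerCase());
  const maxAgeDirective = directives.find((d) => d.startsWith('max-age='));
  const maxAge = maxAgeDirective ? Number(maxAgeDirective.slice('max-age='.length)) : NaN;
  const problems = [];
  if (!(maxAge >= PRELOAD_MIN_MAX_AGE)) problems.push('max-age below 31536000');
  if (!directives.includes('includesubdomains')) problems.push('includeSubDomains missing');
  if (!directives.includes('preload')) problems.push('preload missing');
  return problems;
}
```

Setting preload to true while keeping the default maxAge produces a header that the preload list will not accept, because 180 days is below the one-year minimum.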
Changelog
- 0.3.0
  - Use hsts test cases
- 0.2.0
  - Add test case
  - Add code coverage
  - Add benchmarks
- 0.1.0
  - Init version