felid-helmet
Using Helmet middlewares in your Felid app to help improving security.
Install
npm install felid-helmetor
yarn add felid-helmetUsage
const Felid = const helmet = const app = appThe following table displays all middlewares in Helmet, and the default ones. (Data comes from Helmet's doc)
| Module | Default? |
|---|---|
| contentSecurityPolicy for setting Content Security Policy | |
| crossdomain for handling Adobe products' crossdomain requests | |
| dnsPrefetchControl controls browser DNS prefetching | ✓ |
| expectCt for handling Certificate Transparency | |
| featurePolicy to limit your site's features | |
| frameguard to prevent clickjacking | ✓ |
| hidePoweredBy to remove the X-Powered-By header | ✓ |
| hpkp for HTTP Public Key Pinning | |
| hsts for HTTP Strict Transport Security | ✓ |
| ieNoOpen sets X-Download-Options for IE8+ | ✓ |
| noCache to disable client-side caching | |
| noSniff to keep clients from sniffing the MIME type | ✓ |
| referrerPolicy to hide the Referer header | |
| xssFilter adds some small XSS protections | ✓ |
Pass an option to the middleware:
appDisable a default middleware:
appTo enable a middleware, you can set the property to true (and use the default option), or just pass the option to it.
appFor more information, please check the official documentation of Helmet.