
    resheader

    2.0.1 • Public • Published

    Parser for Response Header

    Usage

    npm install resheader --save
    
    # or
    
    yarn add resheader
    

    Import the methods:

    var {
      parseHSTS,
      parseHPKP,
      parseCSP
    } = require('resheader');
    

    Parse a config object for HPKP:

    let hpkpConf = {
      maxAge: 1000,
      sha256s: ['12345678', '9ABCDEF0'],
      includeSubdomains: true,
      reportOnly: false,
      reportUri: '/hpkp-report'
    }
    
    let hpkpHeader = parseHPKP(hpkpConf);
    
    console.log(hpkpHeader);
    // { 'Public-Key-Pins': 'pin-sha256="12345678"; pin-sha256="9ABCDEF0"; max-age=1000;' }
    

    You can then add this value to the response headers for better security.
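
    A check for the header value shown above, added here as an example (not part of resheader or its README): it parses a `Public-Key-Pins` value and reports problems against RFC 7469, namely pins that are not base64 SHA-256 digests, a missing backup pin, or a missing `max-age`. The function names and the `constructed-spki-*` inputs are hypothetical, chosen for illustration.

```javascript
const crypto = require('crypto');

// Split a Public-Key-Pins value into directives (names are case-insensitive).
// Limitation: a report-uri containing ';' is not handled by this simple split.
function parsePins(value) {
  const out = { pins: [], maxAge: null, includeSubDomains: false, reportUri: null };
  for (const part of value.split(';').map((s) => s.trim()).filter(Boolean)) {
    const eq = part.indexOf('=');
    const name = (eq < 0 ? part : part.slice(0, eq)).trim().toLowerCase();
    const raw = eq < 0 ? '' : part.slice(eq + 1).trim().replace(/^"(.*)"$/, '$1');
    if (name === 'pin-sha256') out.pins.push(raw);
    else if (name === 'max-age') out.maxAge = /^\d+$/.test(raw) ? Number(raw) : NaN;
    else if (name === 'includesubdomains') out.includeSubDomains = true;
    else if (name === 'report-uri') out.reportUri = raw;
  }
  return out;
}

// A pin must be the base64 of a 32-byte SHA-256 digest (43 characters plus one '=').
function isSha256Pin(pin) {
  return /^[A-Za-z0-9+/]{43}=$/.test(pin) && Buffer.from(pin, 'base64').length === 32;
}

// Return a list of problems; an empty list means the value is well-formed.
function checkHpkp(headers) {
  const enforce = headers['Public-Key-Pins'];
  const value = enforce !== undefined ? enforce : headers['Public-Key-Pins-Report-Only'];
  if (typeof value !== 'string') return ['no Public-Key-Pins header present'];
  const d = parsePins(value);
  const problems = [];
  const bad = d.pins.filter((p) => !isSha256Pin(p));
  if (bad.length) problems.push('not a base64 SHA-256 digest: ' + bad.join(', '));
  if (new Set(d.pins).size < 2) problems.push('fewer than two distinct pins (no backup pin)');
  // max-age is required in the enforcing header, optional in the report-only one.
  if (enforce !== undefined && !Number.isInteger(d.maxAge)) problems.push('max-age missing or invalid');
  return problems;
}

// Constructed sample inputs: the value printed above, and one with two real digests.
const fromPage = { 'Public-Key-Pins': 'pin-sha256="12345678"; pin-sha256="9ABCDEF0"; max-age=1000;' };
const digest = (s) => crypto.createHash('sha256').update(s).digest('base64');
const wellFormed = {
  'Public-Key-Pins': `pin-sha256="${digest('constructed-spki-1')}"; pin-sha256="${digest('constructed-spki-2')}"; max-age=1000; includeSubDomains`
};

console.log(checkHpkp(fromPage));   // one problem: the placeholder pins are not digests
console.log(checkHpkp(wellFormed)); // []
```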

    APIs

    • parseHSTS(Object hstsConfig)
    • parseHPKP(Object hpkpConfig)
    • parseCSP(Object cspConfig)
    • getRecommended()

    For example, in mdl-skeleton, I started using this module as a replacement for helmet, in a very simple way:

    mdl-skeleton/configs/headers/index.js

    var base = require('./base');
    var csp = require('./csp');
    var hsts = require('./hsts');
    var hpkp = require('./hpkp');
    
    var {
      parseHSTS,
      parseHPKP,
      parseCSP
    } = require('resheader');
    
    
    // Merge into a fresh object so the cached `base` module is not mutated.
    var h = Object.assign({}, base, parseHSTS(hsts), parseHPKP(hpkp), parseCSP(csp));
    
    module.exports = h;
    
    

    These configured header properties will be applied to all responses:

    mdl-skeleton/server.js

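    const Koa = require('koa');
    // The merged header object exported by configs/headers/index.js above.
    const config = { headers: require('./configs/headers') };

    const app = new Koa();

    // Registered first, so it sets the security headers on every response
    // once the downstream middleware has finished.
    app.use(async (ctx, next) => {
      await next();
      ctx.set(config.headers);
    });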
    

    Test

    git clone https://github.com/ndaidong/resheader.git
    cd resheader
    npm install
    npm test
    

    License

    The MIT License (MIT)
