🌜
🌞
@middy/http-security-headers

@middy/http-security-headers

v3.1.1

Applies best practice security headers to responses. It's a simplified port of HelmetJS

npm install @middy/http-security-headers

README

Middy http-security-headers middleware

Middy logo

HTTP security headers middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda

Applies best practice security headers to responses. It's a simplified port of [HelmetJS](https://helmetjs.github.io/). See HelmetJS documentation for more details.

npm version npm install size GitHub Actions CI status badge
Standard Code Style Known Vulnerabilities Language grade: JavaScript Core Infrastructure Initiative (CII) Best Practices
Chat on Gitter Ask questions on StackOverflow

You can read the documentation at: https://middy.js.org/docs/middlewares//http-security-headers

Applies best practice security headers to responses. It's a simplified port of HelmetJS. See HelmetJS documentation for more details.

Install

To install this middleware you can use NPM:

npm install --save @middy/http-security-headers

Options

Setting an option to false to cause that rule to be ignored.

All Responses

  • originAgentCluster: Default to {} to include
  • referrerPolicy: Default to { policy: 'no-referrer' }
  • strictTransportSecurity: Default to { maxAge: 15552000, includeSubDomains: true, preload: true }
  • X-dnsPrefetchControl: Default to { allow: false }
  • X-downloadOptions: Default to { action: 'noopen' }
  • X-poweredBy: Default to { server: '' } to remove Server and X-Powered-By
  • X-contentTypeOptions: Default to { action: 'nosniff' }

    HTML Responses

  • contentSecurityPolicy: Default to { 'default-src': "'none'", 'base-uri':"'none'", 'sandbox':'', 'form-action':"'none'", 'frame-ancestors':"'none'", 'navigate-to':"'none'", 'report-to':'csp', 'require-trusted-types-for':"'script'", 'trusted-types':"'none'", 'upgrade-insecure-requests':'' }
  • crossOriginEmbedderPolicy: Default to { policy: 'require-corp' }
  • crossOriginOpenerPolicy: Default to { policy: 'same-origin' }
  • crossOriginResourcePolicy: Default to { policy: 'same-origin' }
  • permissionsPolicy: Default to { *:'', ... } where all allowed values are set to disable
  • reportTo: Defaults to { maxAge: 31536000, default: '', includeSubdomains: true, csp: '', staple:'', xss: '' } which won't report by default, needs setting
  • X-frameOptions: Default to { action: 'deny' }
  • X-xssProtection: Defaults to { reportUri: '' }'

Sample usage

import middy from '@middy/core'
import httpSecurityHeaders from '@middy/http-security-headers'

const handler = middy((event, context) => {
  return {}
})

handler
  .use(httpSecurityHeaders())

Middy documentation and examples

For more documentation and examples, refers to the main Middy monorepo on GitHub or Middy official website.

Contributing

Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.

License

Licensed under MIT License. Copyright (c) 2017-2022 Luciano Mammino, will Farrell, and the Middy team.

FOSSA Status

Release Notes

3.1.1
By will Farrell • Published on August 4, 2022

What's Changed

  • Add in module to package.json files @willfarrell
  • performance improvements @willfarrell

TypeScript

Docs

New Contributors

Full Changelog: https://github.com/middyjs/middy/compare/3.1.0...3.1.1

3.1.0
By will Farrell • Published on June 21, 2022

What's Changed

New Contributors

Full Changelog: https://github.com/middyjs/middy/compare/3.0.4...3.1.0

3.0.4
By will Farrell • Published on June 4, 2022

What's Changed

New Contributors

Full Changelog: https://github.com/middyjs/middy/compare/3.0.3...3.0.4

3.0.3
By will Farrell • Published on May 17, 2022

What's Changed

New Contributors

Full Changelog: https://github.com/middyjs/middy/compare/3.0.2...3.0.3

3.0.2
By will Farrell • Published on May 13, 2022

What's Changed

New Contributors

Full Changelog: https://github.com/middyjs/middy/compare/3.0.1...3.0.2

3.0.1
By will Farrell • Published on May 13, 2022

What's Changed

  • Updated dependencies

Full Changelog: https://github.com/middyjs/middy/compare/3.0.0...3.0.1

2.5.7
By will Farrell • Published on January 25, 2022

Fix publishing transpiling error in 2.5.6. Thanks to @maximepichou and @rreubenreyes for reporting.

General

License
MIT
Typescript Types
Built-in
Tree-shakeable
Yes

Popularity

GitHub Stargazers
3,030
Community Interest
2,905
Number of Forks
293

Maintenance

Commits
10/219/220250
Last Commit
Open Issues
4
Closed Issues
409
Open Pull Requests
1
Closed Pull Requests
149

Versions

Versions Released
10/219/22010
Latest Version Released
Aug 4, 2022
Current Tags
latest3.1.1
next3.1.0-rc.1

Dependencies

Dependencies (1)
Dev Dependencies (1)

Contributors

willfarrell
willfarrell
Commits: 384
lmammino
lmammino
Commits: 113
greenkeeper[bot]
greenkeeper[bot]
Commits: 12
vladgolubev
vladgolubev
Commits: 12
thejuan
thejuan
Commits: 12
dkatavic
dkatavic
Commits: 11
gsingh1
gsingh1
Commits: 10
joseSantacruz
joseSantacruz
Commits: 9
theburningmonk
theburningmonk
Commits: 6
leog
leog
Commits: 6
ossareh
ossareh
Commits: 5
JimiPedros
JimiPedros
Commits: 4
munierujp
munierujp
Commits: 4
sdomagala
sdomagala
Commits: 4
denovodavid
denovodavid
Commits: 3