🚀 Big News:Socket Has Acquired Secure Annex.Learn More →
Socket
Book a DemoSign in
Socket
Book a DemoSign in

@httpland/coep-middleware

Package Overview
Dependencies
Maintainers
1
Versions
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

@httpland/coep-middleware

HTTP cross-origin embedder policy(COEP) middleware

latest
Source
npmnpm
Version
1.0.0
Version published
Weekly downloads
5
-37.5%
Maintainers
1
Weekly downloads
 
Created
Source

coep-middleware

deno land deno doc GitHub release (latest by date) codecov GitHub

test NPM

HTTP cross-origin embedder policy(COEP) middleware.

Compliant with HTML Living Standard, 7.1.4 Cross-origin embedder policies.

Middleware

For a definition of Universal HTTP middleware, see the http-middleware project.

Usage

Middleware adds the Cross-Origin-Embedder-Policy header to the response.

import {
  coep,
  type Handler,
} from "https://deno.land/x/coep_middleware@$VERSION/mod.ts";
import { assert } from "https://deno.land/std/testing/asserts.ts";

declare const request: Request;
declare const handler: Handler;

const middleware = coep();
const response = await middleware(request, handler);

assert(response.headers.has("cross-origin-embedder-policy"));

yield:

Cross-Origin-Embedder-Policy: require-corp

Options

The middleware factory accepts the following fields:

NameTypeDefaultDescription
policy"require-corp" | "unsafe-none" | credentialless"require-corp"Embedder policy value.
reportTostring-Reporting endpoint name.
reportOnlybooleanfalseWhether header is report-only or not.

policy

If specified, change the embedder policy value.

import { coep } from "https://deno.land/x/coep_middleware@$VERSION/middleware.ts";

const middleware = coep({ policy: "credentialless" });

yield:

Cross-Origin-Embedder-Policy: credentialless

reportTo

If specified, adds a report-to param to the output.

import { coep } from "https://deno.land/x/coep_middleware@$VERSION/middleware.ts";

const middleware = coep({ reportTo: "default" });

yield:

Cross-Origin-Embedder-Policy: require-corp;report-to=default

reportOnly

Depending on the value, the header will be:

ValueField name
trueCross-Origin-Embedder-Policy-Report-Only
falseCross-Origin-Embedder-Policy
import { coep } from "https://deno.land/x/coep_middleware@$VERSION/middleware.ts";

const middleware = coep({ reportOnly: true });

yield:

Cross-Origin-Embedder-Policy-Report-Only: require-corp

Throwing error

If serialize of embedder policy fails, it may throw TypeError.

Serialize fails in the following cases:

  • If reportTo field is an invalid <sf-token> syntax
import { coep } from "https://deno.land/x/coep_middleware@$VERSION/middleware.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";

assertThrows(() => coep({ reportTo: "<invalid>" }));

Conditions

Middleware will execute if all of the following conditions are met:

  • Response does not include Cross-Origin-Embedder-Policy header
  • Response does not include Cross-Origin-Embedder-Policy-Report-Only header

Effects

Middleware may make changes to the following elements of the HTTP message.

  • HTTP Headers
    • Cross-Origin-Embedder-Policy
    • Cross-Origin-Embedder-Policy-Report-Only

API

All APIs can be found in the deno doc.

License

Copyright © 2023-present httpland.

Released under the MIT license

Keywords

http
middleware
header
coep
cross-origin
cross-origin-embedder-policy

FAQs

Package last updated on 08 Apr 2023

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape

Security News

Socket Releases Free Certified Patches for Critical vm2 Sandbox Escape

A critical vm2 sandbox escape can allow untrusted JavaScript to break isolation and execute commands on the host Node.js process.

By Wenxin Jiang, Marvin Fleischer, Jonah Ghebremichael  -  May 08, 2026