@httpland/hsts-middleware
Advanced tools
Readme
HTTP Strict Transport Security(HSTS) middleware.
Compliant with RFC 6797, HTTP Strict Transport Security(HSTS).
For a definition of Universal HTTP middleware, see the http-middleware project.
Middleware adds the Strict-Transport-Security header to the response.
import { hsts } from "https://deno.land/x/hsts_middleware@$VERSION/mod.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";
declare const request: Request;
const middleware = hsts();
const response = await middleware(
request,
(request: Request) => new Response(),
);
assertEquals(
response.headers.get(
"strict-transport-security",
),
"max-age=15552000; includeSubDomains",
);
Default is to add the following header to the response.
Strict-Transport-Security: max-age=15552000; includeSubDomains
StrictTransportSecurity is a structured object of the
Strict-Transport-Security Header.
| Name | Type | Required | Description |
|---|---|---|---|
| maxAge | number | :white_check_mark: | The number of seconds, after the reception of the STS header field, during which the UA regards the host. |
| includeSubDomains | boolean | - | Whether the rule applies to all subdomains or not. |
| preload | boolean | - | Whether the domain do preload or not. |
To enable HSTS preload, you will need to register HSTS look-ahead service.
import {
hsts,
type StrictTransportSecurity,
} from "https://deno.land/x/hsts_middleware@$VERSION/mod.ts";
const sts: StrictTransportSecurity = {
maxAge: 60 * 60 * 24 * 365 * 2, // 2year,
includeSubDomains: true,
preload: true,
};
const middleware = hsts(sts);
yield:
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Strict Transport Security is an invalid value, it
throws TypeError.
An invalid value is obtained in the following cases:
maxAge is not a non-negative integerimport { hsts } from "https://deno.land/x/hsts_middleware@$VERSION/mod.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";
assertThrows(() => hsts({ maxAge: NaN }));
STS presets are provided. It is value recommended by several hosts.
import { hsts, STS } from "https://deno.land/x/hsts_middleware@$VERSION/mod.ts";
const middleware = hsts(STS);
yield:
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Middleware may make changes to the following elements of the HTTP message.
Middleware is executed if all of the following conditions are met
Strict-Transport-Security header does not exists in responseAll APIs can be found in the deno doc.
Copyright © 2023-present httpland.
Released under the MIT license
FAQs
HTTP Strict Transport Security(HSTS) middleware
The npm package @httpland/hsts-middleware receives a total of 14 weekly downloads. As such, @httpland/hsts-middleware popularity was classified as not popular.
We found that @httpland/hsts-middleware demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Streamline your login process and enhance security by enabling Single Sign-On (SSO) on the Socket platform, now available for all customers on the Enterprise plan, supporting 20+ identity providers.
Security News
Tea.xyz, a crypto project aimed at rewarding open source contributions, is once again facing backlash due to an influx of spam packages flooding public package registries.
Security News
As cyber threats become more autonomous, AI-powered defenses are crucial for businesses to stay ahead of attackers who can exploit software vulnerabilities at scale.