@httpland/hsts-middleware
Advanced tools
HTTP Strict Transport Security(HSTS) middleware.
Compliant with RFC 6797, HTTP Strict Transport Security(HSTS).
For a definition of Universal HTTP middleware, see the http-middleware project.
Middleware adds the Strict-Transport-Security header to the response.
import { hsts } from "https://deno.land/x/hsts_middleware@$VERSION/mod.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";
declare const request: Request;
const middleware = hsts();
const response = await middleware(
request,
(request: Request) => new Response(),
);
assertEquals(
response.headers.get(
"strict-transport-security",
),
"max-age=15552000; includeSubDomains",
);
Default is to add the following header to the response.
Strict-Transport-Security: max-age=15552000; includeSubDomains
StrictTransportSecurity is a structured object of the
Strict-Transport-Security Header.
| Name | Type | Required | Description |
|---|---|---|---|
| maxAge | number | :white_check_mark: | The number of seconds, after the reception of the STS header field, during which the UA regards the host. |
| includeSubDomains | boolean | - | Whether the rule applies to all subdomains or not. |
| preload | boolean | - | Whether the domain do preload or not. |
To enable HSTS preload, you will need to register HSTS look-ahead service.
import {
hsts,
type StrictTransportSecurity,
} from "https://deno.land/x/hsts_middleware@$VERSION/mod.ts";
const sts: StrictTransportSecurity = {
maxAge: 60 * 60 * 24 * 365 * 2, // 2year,
includeSubDomains: true,
preload: true,
};
const middleware = hsts(sts);
yield:
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Strict Transport Security is an invalid value, it
throws TypeError.
An invalid value is obtained in the following cases:
maxAge is not a non-negative integerimport { hsts } from "https://deno.land/x/hsts_middleware@$VERSION/mod.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";
assertThrows(() => hsts({ maxAge: NaN }));
STS presets are provided. It is value recommended by several hosts.
import { hsts, STS } from "https://deno.land/x/hsts_middleware@$VERSION/mod.ts";
const middleware = hsts(STS);
yield:
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Middleware may make changes to the following elements of the HTTP message.
Middleware is executed if all of the following conditions are met
Strict-Transport-Security header does not exists in responseAll APIs can be found in the deno doc.
Copyright © 2023-present httpland.
Released under the MIT license
FAQs
HTTP Strict Transport Security(HSTS) middleware
We found that @httpland/hsts-middleware demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.