Product
Introducing Enhanced Alert Actions and Triage Functionality
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
@httpland/hsts-middleware
Advanced tools
Readme
HTTP Strict Transport Security(HSTS) middleware.
Compliant with RFC 6797, HTTP Strict Transport Security(HSTS).
For a definition of Universal HTTP middleware, see the http-middleware project.
Middleware adds the Strict-Transport-Security
header to the response.
import { hsts } from "https://deno.land/x/hsts_middleware@$VERSION/mod.ts";
import { assertEquals } from "https://deno.land/std/testing/asserts.ts";
declare const request: Request;
const middleware = hsts();
const response = await middleware(
request,
(request: Request) => new Response(),
);
assertEquals(
response.headers.get(
"strict-transport-security",
),
"max-age=15552000; includeSubDomains",
);
Default is to add the following header to the response.
Strict-Transport-Security: max-age=15552000; includeSubDomains
StrictTransportSecurity
is a structured object of the
Strict-Transport-Security
Header.
Name | Type | Required | Description |
---|---|---|---|
maxAge | number | :white_check_mark: | The number of seconds, after the reception of the STS header field, during which the UA regards the host. |
includeSubDomains | boolean | - | Whether the rule applies to all subdomains or not. |
preload | boolean | - | Whether the domain do preload or not. |
To enable HSTS preload, you will need to register HSTS look-ahead service.
import {
hsts,
type StrictTransportSecurity,
} from "https://deno.land/x/hsts_middleware@$VERSION/mod.ts";
const sts: StrictTransportSecurity = {
maxAge: 60 * 60 * 24 * 365 * 2, // 2year,
includeSubDomains: true,
preload: true,
};
const middleware = hsts(sts);
yield:
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Strict Transport Security is an invalid value, it
throws TypeError
.
An invalid value is obtained in the following cases:
maxAge
is not a non-negative integerimport { hsts } from "https://deno.land/x/hsts_middleware@$VERSION/mod.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";
assertThrows(() => hsts({ maxAge: NaN }));
STS presets are provided. It is value recommended by several hosts.
import { hsts, STS } from "https://deno.land/x/hsts_middleware@$VERSION/mod.ts";
const middleware = hsts(STS);
yield:
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Middleware may make changes to the following elements of the HTTP message.
Middleware is executed if all of the following conditions are met
Strict-Transport-Security
header does not exists in responseAll APIs can be found in the deno doc.
Copyright © 2023-present httpland.
Released under the MIT license
FAQs
HTTP Strict Transport Security(HSTS) middleware
We found that @httpland/hsts-middleware demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Product
Socket now supports four distinct alert actions instead of the previous two, and alert triaging allows users to override the actions taken for all individual alerts.
Security News
Polyfill.io has been serving malware for months via its CDN, after the project's open source maintainer sold the service to a company based in China.
Security News
OpenSSF is warning open source maintainers to stay vigilant against reputation farming on GitHub, where users artificially inflate their status by manipulating interactions on closed issues and PRs.