@mashroom/mashroom-helmet

Mashroom Helmet

Plugin for Mashroom Server, a Integration Platform for Microfrontends.

This plugin adds the Helmet middleware which sets a bunch of protective HTTP headers on each response.

Usage

If node_modules/@mashroom is configured as plugin path just add @mashroom/mashroom-helmet as dependency.

You can override the default config in your Mashroom config file like this:

{
    "plugins": {
        "Mashroom Helmet Middleware": {
            "helmet": {
                "contentSecurityPolicy": false,
                "dnsPrefetchControl ": {
                    "allow": false
                },
                "expectCt": false,
                "featurePolicy": false,
                "frameguard": {
                    "action": "deny"
                },
                "hidePoweredBy": false,
                "hsts": {
                    "maxAge": 31536000
                },
                "ieNoOpen": false,
                "noSniff": {},
                "permittedCrossDomainPolicies": false,
                "referrerPolicy": false,
                "xssFilter": {
                    "mode": null
                }
            }
        }
    }
}

• helmet: The configuration will directly be passed to Helmet middelware. Checkout the Helmet Documentation for available options. You should enable the noCache module because this would significantly decrease the performance of the Mashroom Portal.

Changelog

1.8.3 (September 11, 2021)

• HTTP Proxy: The default implementation forwards now query parameters correctly if the base path already contains query parameters - fixes #85
• Sandbox App: Shows only Apps which are available for the authenticated user now (previously it also showed Apps that could not be loaded by the user)
• Admin App: Fixed broken autocomplete of roles
• Sandbox App: Apps are sorted by their name now