Huge News!Announcing our $40M Series B led by Abstract Ventures.Learn More →
@middy/http-security-headers
Advanced tools
@middy/http-security-headers - npm Package Compare versions
Comparing version 4.0.0 to 4.0.1
| { | ||
| "name": "@middy/http-security-headers", | ||
| "version": "4.0.0", | ||
| "version": "4.0.1", | ||
| "description": "Applies best practice security headers to responses. It's a simplified port of HelmetJS", | ||
@@ -67,9 +67,9 @@ "type": "module", | ||
| "homepage": "https://middy.js.org", | ||
| "gitHead": "582286144bcd79968a8c7c2f8867a23c80079a47", | ||
| "gitHead": "c5ece2bfbb0d607dcdea5685bf194a6cc19acc8d", | ||
| "dependencies": { | ||
| "@middy/util": "4.0.0" | ||
| "@middy/util": "4.0.1" | ||
| }, | ||
| "devDependencies": { | ||
| "@middy/core": "4.0.0" | ||
| "@middy/core": "4.0.1" | ||
| } | ||
| } |
@@ -40,59 +40,2 @@ <div align="center"> | ||
| Applies best practice security headers to responses. It's a simplified port of HelmetJS. See [HelmetJS](https://helmetjs.github.io/) documentation for more details. | ||
| ## Install | ||
| To install this middleware you can use NPM: | ||
| ```bash | ||
| npm install --save @middy/http-security-headers | ||
| ``` | ||
| ## Options | ||
| Setting an option to `false` to cause that rule to be ignored. | ||
| ### All Responses | ||
| - `originAgentCluster`: Default to `{}` to include | ||
| - `referrerPolicy`: Default to `{ policy: 'no-referrer' }` | ||
| - `strictTransportSecurity`: Default to `{ maxAge: 15552000, includeSubDomains: true, preload: true }` | ||
| - X-`dnsPrefetchControl`: Default to `{ allow: false }` | ||
| - X-`downloadOptions`: Default to `{ action: 'noopen' }` | ||
| - X-`poweredBy`: Default to `{ server: '' }` to remove `Server` and `X-Powered-By` | ||
| - X-`contentTypeOptions`: Default to `{ action: 'nosniff' }` | ||
| ### HTML Responses | ||
| - `contentSecurityPolicy`: Default to `{ 'default-src': "'none'", 'base-uri':"'none'", 'sandbox':'', 'form-action':"'none'", 'frame-ancestors':"'none'", 'navigate-to':"'none'", 'report-to':'csp', 'require-trusted-types-for':"'script'", 'trusted-types':"'none'", 'upgrade-insecure-requests':'' }` | ||
| - `crossOriginEmbedderPolicy`: Default to `{ policy: 'require-corp' }` | ||
| - `crossOriginOpenerPolicy`: Default to `{ policy: 'same-origin' }` | ||
| - `crossOriginResourcePolicy`: Default to `{ policy: 'same-origin' }` | ||
| - `permissionsPolicy`: Default to `{ *:'', ... }` where all allowed values are set to disable | ||
| - `reportTo`: Defaults to `{ maxAge: 31536000, default: '', includeSubdomains: true, csp: '', staple:'', xss: '' }` which won't report by default, needs setting | ||
| - X-`frameOptions`: Default to `{ action: 'deny' }` | ||
| - X-`xssProtection`: Defaults to `{ reportUri: '' }'` | ||
| ## Sample usage | ||
| ```javascript | ||
| import middy from '@middy/core' | ||
| import httpSecurityHeaders from '@middy/http-security-headers' | ||
| const handler = middy((event, context) => { | ||
| return {} | ||
| }) | ||
| handler | ||
| .use(httpSecurityHeaders()) | ||
| ``` | ||
| ## Middy documentation and examples | ||
| For more documentation and examples, refers to the main [Middy monorepo on GitHub](https://github.com/middyjs/middy) or [Middy official website](https://middy.js.org). | ||
| ## Contributing | ||
| Everyone is very welcome to contribute to this repository. Feel free to [raise issues](https://github.com/middyjs/middy/issues) or to [submit Pull Requests](https://github.com/middyjs/middy/pulls). | ||
| ## License | ||
@@ -99,0 +42,0 @@ |
No alert changes
Worsened metrics
- Total package byte prevSize
- decreased by-10.12%
21225
- Number of lines in readme file
- decreased by-54.81%
47
Dependency changes
+ Added@middy/util@4.0.1(transitive)
- Removed@middy/util@4.0.0(transitive)
Updated@middy/util@4.0.1