
@middy/http-security-headers


@middy/http-security-headers - npm Package Compare versions

Comparing version 6.0.0-alpha.0 to 6.0.0-beta.0

7

index.d.ts

@@ -32,2 +32,3 @@ import middy from '@middy/core'

contentSecurityPolicy?: Record<string, string>
contentSecurityPolicyReportOnly?: boolean
crossOriginEmbedderPolicy?: {

@@ -56,8 +57,8 @@ policy?: string

type WithFalseValues<T> = { [K in keyof T]: T[K] | false }
type WithBoolValues<T> = { [K in keyof T]: T[K] | boolean }
declare function httpSecurityHeaders (
options?: WithFalseValues<Options>
declare function httpSecurityHeaders(
options?: WithBoolValues<Options>
): middy.MiddlewareObj
export default httpSecurityHeaders
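Review bot: The new `contentSecurityPolicyReportOnly?: boolean` option in the first hunk has no doc comment, and its security effect is not obvious from the name. Judging by the index.js change in this same diff, `true` sends the policy only as `Content-Security-Policy-Report-Only`, so the browser reports violations but blocks nothing. I would add `/** When true the policy is sent as Content-Security-Policy-Report-Only and is not enforced; intended for rollout and monitoring. */` above the field. The second hunk's switch to `WithBoolValues` also makes `true` a valid value for every option, and the declaration does not say what `true` means for an object-valued option; a one-line comment on the alias would cover that. The `Options` interface starts and ends outside these hunks.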

@@ -39,2 +39,3 @@ import { normalizeHttpResponse } from '@middy/util'

},
contentSecurityPolicyReportOnly: false,
contentTypeOptions: {

@@ -117,9 +118,11 @@ action: 'nosniff'

},
reportingEndpoints: {},
reportTo: {
maxAge: 365 * 24 * 60 * 60,
default: '',
includeSubdomains: true,
csp: '',
staple: '',
xss: ''
// default: '',
includeSubdomains: true
// csp: '',
// permissions: '',
// staple: '',
// xss: ''
},

@@ -141,3 +144,3 @@ strictTransportSecurity: {

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
helmetHtmlOnly.contentSecurityPolicy = (headers, config) => {
helmetHtmlOnly.contentSecurityPolicy = (reportOnly) => (headers, config) => {
let header = Object.keys(config)

@@ -153,3 +156,7 @@ .map((policy) => (config[policy] ? `${policy} ${config[policy]}` : ''))

}
headers['Content-Security-Policy'] = header
const cspHeaderName = reportOnly
? 'Content-Security-Policy-Report-Only'
: 'Content-Security-Policy'
headers[cspHeaderName] = header
}

@@ -189,5 +196,7 @@ // crossdomain - N/A - for Adobe products

// DEPRECATED by reportingEndpoints
helmetHtmlOnly.reportTo = (headers, config) => {
headers['Report-To'] = Object.keys(config)
.map((group) => {
if (group === 'includeSubdomains' || group === 'maxAge') return ''
const includeSubdomains =

@@ -205,2 +214,12 @@ group === 'default'

helmet.reportingEndpoints = (headers, config) => {
headers['Reporting-Endpoints'] = ''
const keys = Object.keys(config)
for (let i = 0, l = keys.length; i < l; i++) {
if (i) headers['Reporting-Endpoints'] += ', '
const key = keys[i]
headers['Reporting-Endpoints'] += key + '="' + config[key] + '"'
}
}
// https://github.com/helmetjs/hsts

@@ -283,3 +302,10 @@ helmet.strictTransportSecurity = (headers, config) => {

const config = { ...defaults[key], ...options[key] }
helmetHtmlOnly[key](request.response.headers, config)
if (key === 'contentSecurityPolicy') {
helmetHtmlOnly[key](options.contentSecurityPolicyReportOnly)(
request.response.headers,
config
)
} else {
helmetHtmlOnly[key](request.response.headers, config)
}
})
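Review bot: `helmet.reportingEndpoints` assigns `headers['Reporting-Endpoints'] = ''` before looking at the config, so with the new default `reportingEndpoints: {}` every response would apparently carry an empty `Reporting-Endpoints` header. This is inferred, because the loop that invokes the `helmet` handlers is outside the visible hunks. Values are also concatenated between double quotes as-is, so an endpoint containing `"`, a backslash or a line break yields a malformed header value, and a `false` entry would be emitted as `key="false"`. I would collect the members in a local array, skip values that are not plain quotable strings, and set the header only when at least one member remains.

```javascript
helmet.reportingEndpoints = (headers, config) => {
  const members = []
  for (const [name, url] of Object.entries(config)) {
    // Skip disabled or empty endpoints, and values that cannot sit inside a quoted string.
    if (typeof url !== 'string' || url === '' || /["\\\r\n]/.test(url)) continue
    members.push(`${name}="${url}"`)
  }
  // Emit the header only when there is something to report to.
  if (members.length) headers['Reporting-Endpoints'] = members.join(', ')
}
```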

@@ -286,0 +312,0 @@ }

{
"name": "@middy/http-security-headers",
"version": "6.0.0-alpha.0",
"version": "6.0.0-beta.0",
"description": "Applies best practice security headers to responses. It's a simplified port of HelmetJS",

@@ -70,7 +70,7 @@ "type": "module",

"dependencies": {
"@middy/util": "6.0.0-alpha.0"
"@middy/util": "6.0.0-beta.0"
},
"devDependencies": {
"@middy/core": "6.0.0-alpha.0"
"@middy/core": "6.0.0-beta.0"
}
}