@middy/http-security-headers
Advanced tools
Applies best practice security headers to responses. It's a simplified port of HelmetJS
HTTP security headers middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda
Applies best practice security headers to responses. It's a simplified port of [HelmetJS](https://helmetjs.github.io/). See HelmetJS documentation for more details.
You can read the documentation at: https://middy.js.org/docs/middlewares//http-security-headers
Applies best practice security headers to responses. It's a simplified port of HelmetJS. See HelmetJS documentation for more details.
To install this middleware you can use NPM:
npm install --save @middy/http-security-headers
Setting an option to false to cause that rule to be ignored.
originAgentCluster: Default to {} to includereferrerPolicy: Default to { policy: 'no-referrer' }strictTransportSecurity: Default to { maxAge: 15552000, includeSubDomains: true, preload: true }dnsPrefetchControl: Default to { allow: false }downloadOptions: Default to { action: 'noopen' }poweredBy: Default to { server: '' } to remove Server and X-Powered-BycontentTypeOptions: Default to { action: 'nosniff' }contentSecurityPolicy: Default to { 'default-src': "'none'", 'base-uri':"'none'", 'sandbox':'', 'form-action':"'none'", 'frame-ancestors':"'none'", 'navigate-to':"'none'", 'report-to':'csp', 'require-trusted-types-for':"'script'", 'trusted-types':"'none'", 'upgrade-insecure-requests':'' }crossOriginEmbedderPolicy: Default to { policy: 'require-corp' }crossOriginOpenerPolicy: Default to { policy: 'same-origin' }crossOriginResourcePolicy: Default to { policy: 'same-origin' }permissionsPolicy: Default to { *:'', ... } where all allowed values are set to disablereportTo: Defaults to { maxAge: 31536000, default: '', includeSubdomains: true, csp: '', staple:'', xss: '' } which won't report by default, needs settingframeOptions: Default to { action: 'deny' }xssProtection: Defaults to { reportUri: '' }'import middy from '@middy/core'
import httpSecurityHeaders from '@middy/http-security-headers'
const handler = middy((event, context) => {
return {}
})
handler
.use(httpSecurityHeaders())
For more documentation and examples, refers to the main Middy monorepo on GitHub or Middy official website.
Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.
Licensed under MIT License. Copyright (c) 2017-2022 Luciano Mammino, will Farrell, and the Middy team.
FAQs
Applies best practice security headers to responses. It's a simplified port of HelmetJS
We found that @middy/http-security-headers demonstrated a healthy version release cadence and project activity because the last version was released less than a year ago. It has 0 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
Socket CEO Feross Aboukhadijeh discusses open source security challenges, including zero-day attacks and supply chain risks, on the Cyber Security Council podcast.
Security News
Research
Socket researchers uncover how threat actors weaponize Out-of-Band Application Security Testing (OAST) techniques across the npm, PyPI, and RubyGems ecosystems to exfiltrate sensitive data.
Security News
Research
A malicious npm campaign is targeting Ethereum developers by impersonating Hardhat plugins and the Nomic Foundation, stealing sensitive data like private keys.