fastify-helmet
Comparing version 5.3.2 to 6.0.0
import { FastifyPluginCallback } from "fastify"; | ||
import helmet = require("helmet"); | ||
import helmet from "helmet"; | ||
@@ -13,5 +13,5 @@ declare module 'fastify' { | ||
type FastifyHelmetOptions = Parameters<typeof helmet>[0] & { enableCSPNonces?: boolean }; | ||
export type FastifyHelmetOptions = NonNullable<Parameters<typeof helmet>[0] & { enableCSPNonces?: boolean }>; | ||
export const fastifyHelmet: FastifyPluginCallback<NonNullable<FastifyHelmetOptions>> & { | ||
export const fastifyHelmet: FastifyPluginCallback<FastifyHelmetOptions> & { | ||
contentSecurityPolicy: typeof helmet.contentSecurityPolicy; | ||
@@ -18,0 +18,0 @@ }; |
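Review bot: `FastifyHelmetOptions` becomes a public export here without a doc comment, and `enableCSPNonces` is the one field helmet itself does not define. A TSDoc line on the alias such as `/** helmet's options plus enableCSPNonces, which adds a nonce source to script-src and style-src. */` would tell users what the flag changes in the emitted policy; that behaviour is inferred from the header expectations in test.js. Separately, the switch to `import helmet from "helmet"` in a declaration file may require `esModuleInterop` or `allowSyntheticDefaultImports` in consuming projects, which is worth confirming against helmet 5's typings.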
@@ -1,5 +0,5 @@ | ||
import fastify from "fastify"; | ||
import { expectType } from "tsd"; | ||
import fastify, { FastifyPluginCallback } from "fastify"; | ||
import { expectAssignable, expectType } from "tsd"; | ||
import helmet from "helmet"; | ||
import fastifyHelmet from "."; | ||
import fastifyHelmet, { FastifyHelmetOptions } from "."; | ||
@@ -10,3 +10,4 @@ const app = fastify(); | ||
app.register(fastifyHelmet, {}); | ||
app.register(fastifyHelmet, { | ||
const helmetOptions = { | ||
contentSecurityPolicy: false, | ||
@@ -23,4 +24,7 @@ dnsPrefetchControl: false, | ||
xssFilter: false | ||
}); | ||
}; | ||
expectAssignable<FastifyHelmetOptions>(helmetOptions); | ||
app.register(fastifyHelmet, helmetOptions); | ||
app.register(fastifyHelmet, { | ||
@@ -56,3 +60,3 @@ contentSecurityPolicy: { | ||
// these options are false or never | ||
// hidePoweredBy: false | ||
// hidePoweredBy: false | ||
// ieNoOpen: false, | ||
@@ -65,3 +69,3 @@ // noSniff: false, | ||
app.register(fastifyHelmet, { enableCSPNonces: true }); | ||
app.register(fastifyHelmet, { | ||
app.register(fastifyHelmet, { | ||
enableCSPNonces: true, | ||
@@ -84,1 +88,6 @@ contentSecurityPolicy: { | ||
expectType<typeof helmet.contentSecurityPolicy>(csp); | ||
// fastify-helmet instance is using the FastifyHelmetOptions options | ||
expectType<FastifyPluginCallback<FastifyHelmetOptions> & { | ||
contentSecurityPolicy: typeof helmet.contentSecurityPolicy; | ||
}>(fastifyHelmet); |
{ | ||
"name": "fastify-helmet", | ||
"version": "5.3.2", | ||
"version": "6.0.0", | ||
"description": "Important security headers for Fastify", | ||
@@ -34,3 +34,3 @@ "main": "index.js", | ||
"devDependencies": { | ||
"@types/node": "^15.0.0", | ||
"@types/node": "^17.0.0", | ||
"fastify": "^3.0.0", | ||
@@ -41,3 +41,3 @@ "pre-commit": "^1.2.2", | ||
"tap": "^15.0.0", | ||
"tsd": "^0.17.0", | ||
"tsd": "^0.19.0", | ||
"typescript": "^4.0.2" | ||
@@ -47,4 +47,4 @@ }, | ||
"fastify-plugin": "^3.0.0", | ||
"helmet": "^4.0.0" | ||
"helmet": "^5.0.1" | ||
} | ||
} |
12
test.js
@@ -131,3 +131,3 @@ 'use strict' | ||
const expected = { 'content-security-policy': 'default-src \'self\';base-uri \'self\';block-all-mixed-content;font-src \'self\' https: data:;frame-ancestors \'self\';img-src \'self\' data:;object-src \'none\';script-src \'self\';script-src-attr \'none\';style-src \'self\' https: \'unsafe-inline\';upgrade-insecure-requests' } | ||
const expected = { 'content-security-policy': 'default-src \'self\';base-uri \'self\';block-all-mixed-content;font-src \'self\' https: data:;form-action \'self\';frame-ancestors \'self\';img-src \'self\' data:;object-src \'none\';script-src \'self\';script-src-attr \'none\';style-src \'self\' https: \'unsafe-inline\';upgrade-insecure-requests' } | ||
@@ -191,3 +191,3 @@ t.include(res.headers, expected) | ||
t.includes(res.headers, { | ||
'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}'` | ||
'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests` | ||
}) | ||
@@ -221,3 +221,3 @@ }) | ||
t.includes(res.headers, { | ||
'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}'` | ||
'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests` | ||
}) | ||
@@ -230,3 +230,3 @@ | ||
t.includes(res.headers, { | ||
'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}'` | ||
'content-security-policy': `default-src 'self';script-src 'self' 'nonce-${cspCache.script}';style-src 'self' 'nonce-${cspCache.style}';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests` | ||
}) | ||
@@ -260,3 +260,3 @@ }) | ||
t.includes(res.headers, { | ||
'content-security-policy': `default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-${cspCache.script}';script-src-attr 'none';style-src 'self' 'unsafe-inline' 'nonce-${cspCache.style}';upgrade-insecure-requests` | ||
'content-security-policy': `default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self' 'unsafe-eval' 'unsafe-inline' 'nonce-${cspCache.script}';script-src-attr 'none';style-src 'self' 'unsafe-inline' 'nonce-${cspCache.style}';upgrade-insecure-requests` | ||
}) | ||
@@ -288,4 +288,4 @@ }) | ||
t.includes(res.headers, { | ||
'content-security-policy': `default-src 'self';script-src 'nonce-${cspCache.script}';style-src 'nonce-${cspCache.style}'` | ||
'content-security-policy': `default-src 'self';script-src 'nonce-${cspCache.script}';style-src 'nonce-${cspCache.style}';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src-attr 'none';upgrade-insecure-requests` | ||
}) | ||
}) |
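Review bot: None of the updated expectations covers opting out of helmet's default directives. The new strings in the `nonce-${cspCache.script}` cases show that a policy which used to emit only `default-src`, `script-src` and `style-src` now also carries `base-uri 'self'`, `form-action 'self'`, `frame-ancestors 'self'` and the other defaults. An application that passed a minimal policy therefore gets a stricter one after upgrading, and form posts to other origins would presumably be blocked. A case that registers the plugin with `useDefaults: false` inside `contentSecurityPolicy` and asserts that only the explicit directives are emitted would pin that escape hatch. The test bodies start outside these hunks, so the registered options are not visible here.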
+ Addedhelmet@5.1.1(transitive)
- Removedhelmet@4.6.0(transitive)
Updatedhelmet@^5.0.1