frameguard
Advanced tools
frameguard - npm Package Compare versions
Comparing version 0.2.0 to 0.2.1
@@ -7,3 +7,3 @@ var isString = require('lodash.isstring'); | ||
| if (typeof action === 'undefined') { | ||
| if (action === undefined) { | ||
| header = 'SAMEORIGIN'; | ||
@@ -31,3 +31,3 @@ } else if (isString(action)) { | ||
| return function xframe(req, res, next) { | ||
| return function frameguard(req, res, next) { | ||
| res.setHeader('X-Frame-Options', header); | ||
@@ -34,0 +34,0 @@ next(); |
@@ -8,3 +8,3 @@ { | ||
| "description": "Middleware to set X-Frame-Options headers", | ||
| "version": "0.2.0", | ||
| "version": "0.2.1", | ||
| "keywords": [ | ||
@@ -30,7 +30,7 @@ "helmet", | ||
| "mocha": "^2.0.1", | ||
| "supertest": "^0.14.0" | ||
| "supertest": "^0.15.0" | ||
| }, | ||
| "dependencies": { | ||
| "lodash.isstring": "2.4.1" | ||
| "lodash.isstring": "3.0.0" | ||
| } | ||
| } |
| # Frameguard | ||
| [](https://travis-ci.org/helmetjs/frameguard) | ||
| **Trying to prevent:** Your page being put in a `<frame>` or `<iframe>` without your consent. This helps to prevent things like [clickjacking attacks](https://en.wikipedia.org/wiki/Clickjacking). | ||
| **How to we mitigate this:** The `X-Frame-Options` HTTP header restricts who can put your site in a frame. It has three modes: `DENY`, `SAMEORIGIN`, and `ALLOW-FROM`. If your app does not need to be framed (and most don't) you can use the default `DENY`. If your site can be in frames from the same origin, you can set it to `SAMEORIGIN`. If you want to allow it from a specific URL, you can allow that with `ALLOW-FROM` and a URL. | ||
| **How do we mitigate this:** The `X-Frame-Options` HTTP header restricts who can put your site in a frame. It has three modes: `DENY`, `SAMEORIGIN`, and `ALLOW-FROM`. If your app does not need to be framed (and most don't) you can use the default `DENY`. If your site can be in frames from the same origin, you can set it to `SAMEORIGIN`. If you want to allow it from a specific URL, you can allow that with `ALLOW-FROM` and a URL. | ||
@@ -12,4 +14,3 @@ Usage: | ||
| // These are equivalent: | ||
| app.use(frameguard()); | ||
| // Don't allow me to be in ANY frames: | ||
| app.use(frameguard('deny')); | ||
@@ -19,2 +20,3 @@ | ||
| app.use(frameguard('sameorigin')); | ||
| app.use(frameguard()); // defaults to this | ||
@@ -21,0 +23,0 @@ // Allow from a specific host: |
@@ -105,2 +105,7 @@ var frameguard = require('..'); | ||
| it('names its function and middleware', function () { | ||
| assert.equal(frameguard.name, 'frameguard'); | ||
| assert.equal(frameguard.name, frameguard().name); | ||
| }); | ||
| describe('with improper input', function () { | ||
@@ -107,0 +112,0 @@ |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by4.18%
9168
- Number of package files
- increased by16.67%
7
- Lines of code
- increased by2.82%
146
- Number of lines in readme file
- increased by8.33%
26
Dependency changes
+ Addedlodash.isstring@3.0.0(transitive)
- Removedlodash.isstring@2.4.1(transitive)
Updatedlodash.isstring@3.0.0