helmet - npm Package Compare versions
Comparing version 4.1.0 to 4.1.1
| # Changelog | ||
| ## 4.1.1 - 2020-09-10 | ||
| ### Changed | ||
| - Fixed a few errors in the README | ||
| ## 4.1.0 - 2020-08-15 | ||
@@ -4,0 +10,0 @@ |
@@ -9,3 +9,3 @@ { | ||
| "description": "help secure Express/Connect apps with various HTTP headers", | ||
| "version": "4.1.0", | ||
| "version": "4.1.1", | ||
| "keywords": [ | ||
@@ -63,13 +63,13 @@ "express", | ||
| "@types/connect": "^3.4.33", | ||
| "@types/jest": "^26.0.9", | ||
| "@types/jest": "^26.0.13", | ||
| "@types/supertest": "^2.0.10", | ||
| "@typescript-eslint/eslint-plugin": "^3.8.0", | ||
| "@typescript-eslint/parser": "^3.8.0", | ||
| "@typescript-eslint/eslint-plugin": "^4.1.0", | ||
| "@typescript-eslint/parser": "^4.1.0", | ||
| "connect": "^3.7.0", | ||
| "eslint": "^7.6.0", | ||
| "jest": "^26.2.2", | ||
| "prettier": "^2.0.5", | ||
| "eslint": "^7.8.1", | ||
| "jest": "^26.4.2", | ||
| "prettier": "^2.1.1", | ||
| "supertest": "^4.0.2", | ||
| "ts-jest": "^26.1.4", | ||
| "typescript": "^3.9.7" | ||
| "ts-jest": "^26.3.0", | ||
| "typescript": "^4.0.2" | ||
| }, | ||
@@ -76,0 +76,0 @@ "scripts": { |
@@ -51,2 +51,24 @@ # Helmet | ||
| To set custom options for one of the middleware, add options like this: | ||
| ```js | ||
| // This sets custom options for the `referrerPolicy` middleware. | ||
| app.use( | ||
| helmet({ | ||
| referrerPolicy: { policy: "no-referrer" }, | ||
| }) | ||
| ); | ||
| ``` | ||
| You can also disable a middleware: | ||
| ```js | ||
| // This disables the `contentSecurityPolicy` middleware but keeps the rest. | ||
| app.use( | ||
| helmet({ | ||
| contentSecurityPolicy: false, | ||
| }) | ||
| ); | ||
| ``` | ||
| ## Reference | ||
@@ -254,3 +276,3 @@ | ||
| app.use( | ||
| helmet.strictTransportSecurity({ | ||
| helmet.hsts({ | ||
| maxAge: 123456, | ||
@@ -262,3 +284,3 @@ }) | ||
| app.use( | ||
| helmet.strictTransportSecurity({ | ||
| helmet.hsts({ | ||
| maxAge: 123456, | ||
@@ -271,3 +293,3 @@ includeSubDomains: false, | ||
| app.use( | ||
| helmet.strictTransportSecurity({ | ||
| helmet.hsts({ | ||
| maxAge: 63072000, | ||
@@ -407,3 +429,3 @@ preload: true, | ||
| <details> | ||
| <summary><code>helmet.hidePoweredBy(options)</code></summary> | ||
| <summary><code>helmet.hidePoweredBy()</code></summary> | ||
@@ -428,3 +450,3 @@ `helmet.hidePoweredBy` removes the `X-Powered-By` header, which is set by default in some frameworks (like Express). Removing the header offers very limited security benefits (see [this discussion](https://github.com/expressjs/express/pull/2813#issuecomment-159270428)) and is mostly removed to save bandwidth. | ||
| <details> | ||
| <summary><code>helmet.xssFilter(options)</code></summary> | ||
| <summary><code>helmet.xssFilter()</code></summary> | ||
@@ -431,0 +453,0 @@ `helmet.xssFilter` disables browsers' buggy cross-site scripting filter by setting the `X-XSS-Protection` header to `0`. See [discussion about disabling the header here](https://github.com/helmetjs/helmet/issues/230) and [documentation on MDN](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-XSS-Protection). |
New alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Fixed alerts
License Policy Violation
LicenseThis package is not allowed per your license policy. Review the package's license to ensure compliance.
Found 1 instance in 1 package
Improved metrics
- Total package byte prevSize
- increased by0.6%
68815
- Number of lines in readme file
- increased by5.01%
461