helmet - npm Package Versions

4.5.0 - 2021-04-17

Added

• helmet.crossOriginEmbedderPolicy: a new middleware for the Cross-Origin-Embedder-Policy header, disabled by default
• helmet.crossOriginOpenerPolicy: a new middleware for the Cross-Origin-Opener-Policy header, disabled by default
• helmet.crossOriginResourcePolicy: a new middleware for the Cross-Origin-Resource-Policy header, disabled by default

Changed

• true enables a middleware with default options. Previously, this would fail with an error if the middleware was already enabled by default.
• Log a warning when passing options to originAgentCluster at the top level

Fixed

• Incorrect documentation

4.4.1 - 2021-01-18

Changed

• Shrink the published package by about 2.5 kB

4.4.0 - 2021-01-17

Added

• helmet.originAgentCluster: a new middleware for the Origin-Agent-Cluster header, disabled by default

4.3.1 - 2020-12-27

Fixed

• helmet.contentSecurityPolicy: broken TypeScript types. See #283

4.3.0 - 2020-12-27

Added

• helmet.contentSecurityPolicy: setting the default-src to helmet.contentSecurityPolicy.dangerouslyDisableDefaultSrc disables it

Changed

• helmet.frameguard: slightly improved error messages for non-strings

4.2.0 - 2020-11-01

Added

• helmet.contentSecurityPolicy: get the default directives with contentSecurityPolicy.getDefaultDirectives()

Changed

• helmet() now supports objects that don't have Object.prototype in their chain, such as Object.create(null), as options
• helmet.expectCt: max-age is now first. See #264

4.1.1 - 2020-09-10

Changed

• Fixed a few errors in the README

4.1.0 - 2020-08-15

Added

• helmet.contentSecurityPolicy:
  • Directive values can now include functions, as they could in Helmet 3. See #243

Changed

• Helmet should now play more nicely with TypeScript

Removed

• The HelmetOptions interface is no longer exported. This only affects TypeScript users. If you need the functionality back, see this comment