next-security - npm Package Compare versions

Comparing version 1.0.1 to 1.0.2

build/main/index.d.ts

@@ -10,2 +10,2 @@ import { SecurityConfig, SecurityHeader, SecurityHeaders } from './types';
 };
-export declare const withSecurity: (nextConfig: any, config?: SecurityConfig) => any;
+export declare const generateSecurityHeaders: (headers?: SecurityHeaders) => SecurityHeader[];

build/main/index.js

 "use strict";
 Object.defineProperty(exports, "__esModule", { value: true });
-exports.withSecurity = exports.nextSecurity = exports.defaultConfig = exports.getHeaderValueFromOptions = void 0;
+exports.generateSecurityHeaders = exports.nextSecurity = exports.defaultConfig = exports.getHeaderValueFromOptions = void 0;
 const types_1 = require("./types");
@@ -79,3 +79,3 @@ const headerValueMappers = {
                     source: '/(.*)',
-                    headers: generateSecurityHeaders(config.headers),
+                    headers: (0, exports.generateSecurityHeaders)(config.headers),
                 },
@@ -87,8 +87,3 @@ ];
 exports.nextSecurity = nextSecurity;
-const withSecurity = (nextConfig, config = exports.defaultConfig) => {
-    // TODO: fix returning the whole nextConfig instead
-    return Object.assign(Object.assign({}, (0, exports.nextSecurity)(config)), nextConfig.headers());
-};
-exports.withSecurity = withSecurity;
-const generateSecurityHeaders = (headers) => {
+const generateSecurityHeaders = (headers = exports.defaultConfig.headers) => {
     const headersArray = [];
@@ -106,2 +101,3 @@ for (const header in headers) {
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsbUNBUWlCO0FBRWpCLE1BQU0sa0JBQWtCLEdBQUc7SUFDekIsdUJBQXVCLEVBQUUsQ0FBQyxLQUFtQyxFQUFFLEVBQUUsQ0FDL0Q7UUFDRSxXQUFXLEtBQUssQ0FBQyxNQUFNLEVBQUU7UUFDekIsS0FBSyxDQUFDLGlCQUFpQixJQUFJLG1CQUFtQjtRQUM5QyxLQUFLLENBQUMsT0FBTyxJQUFJLFNBQVM7S0FDM0I7U0FDRSxNQUFNLENBQUMsT0FBTyxDQUFDO1NBQ2YsSUFBSSxDQUFDLElBQUksQ0FBQztJQUNmLHFCQUFxQixFQUFFLENBQUMsS0FBaUMsRUFBRSxFQUFFO1FBQzNELE9BQU8sTUFBTSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUM7YUFDekIsR0FBRyxDQUFDLENBQUMsQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLEVBQUUsRUFBRTtZQUM1QixJQUFJLFNBQVMsS0FBSywyQkFBMkIsRUFBRTtnQkFDN0MsT0FBTyxPQUFPLENBQUMsQ0FBQyxDQUFDLDJCQUEyQixDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7YUFDbkQ7WUFDRCxPQUFPLENBQ0wsQ0FBQyxPQUFvQixhQUFwQixPQUFPLHVCQUFQLE9BQU8sQ0FBZSxNQUFNO2dCQUM3QixHQUFHLFNBQVMsSUFBSyxPQUFvQixDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUNsRCxDQUFDO1FBQ0osQ0FBQyxDQUFDO2FBQ0QsTUFBTSxDQUFDLE9BQU8sQ0FBQzthQUNmLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUNoQixDQUFDO0lBQ0QsaUJBQWlCLEVBQUUsQ0FBQyxLQUE2QixFQUFFLEVBQUUsQ0FDbkQsTUFBTSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUM7U0FDbEIsR0FBRyxDQUNGLENBQUMsQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLEVBQUUsRUFBRSxDQUN2QixDQUFDLE9BQW9CLGFBQXBCLE9BQU8sdUJBQVAsT0FBTyxDQUFlLE1BQU07UUFDN0IsR0FBRyxTQUFTLElBQUssT0FBb0IsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FDcEQ7U0FDQSxNQUFNLENBQUMsT0FBTyxDQUFDO1NBQ2YsSUFBSSxDQUFDLElBQUksQ0FBQztDQUNoQixDQUFDO0FBRUssTUFBTSx5QkFBeUIsR0FBRyxDQUN2QyxVQUFpQyxFQUNqQyxhQUFnQixFQUNoQixFQUFFOztJQUNGLE9BQU8sTUFBQSxNQUFBLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxtRUFBRyxhQUFhLENBQUMsbUNBQUksYUFBYSxDQUFDO0FBQzFFLENBQUMsQ0FBQztBQUxXLFFBQUEseUJBQXlCLDZCQUtwQztBQUVXLFFBQUEsYUFBYSxHQUFtQjtJQUMzQyxPQUFPLEVBQUU7UUFDUCx5QkFBeUIsRUFBRSxhQUFhO1FBQ3hDLHVCQUF1QixFQUFFLGFBQWE7UUFDdEMseUJBQXlCLEVBQUUsY0FBYztRQUN6QyxxQkFBcUIsRUFBRTtZQUNyQixVQUFVLEVBQUUsQ0FBQyxRQUFRLENBQUM7WUFDdEIsVUFBVSxFQUFFLENBQUMsUUFBUSxFQUFFLFFBQVEsRUFBRSxPQUFPLENBQUM7WUFDekMsYUFBYSxFQUFFLENBQUMsUUFBUSxDQUFDO1lBQ3pCLGlCQUFpQixFQUFFLENBQUMsUUFBUSxDQUFDO1lBQzdCLFNBQVMsRUFBRSxDQUFDLFFBQVEsRUFBRSxPQUFPLENBQUM7WUFDOUIsWUFBWSxFQUFFLENBQUMsUUFBUSxDQUFDO1lBQ3hCLGlCQUFpQixFQUFFLENBQUMsUUFBUSxDQUFDO1lBQzdCLFdBQVcsRUFBRSxDQUFDLFFBQVEsRUFBRSxRQUFRLEVBQUUsaUJBQWlCLENBQUM7WUFDcEQsMkJBQTJCLEVBQUUsSUFBSTtTQUNsQztRQUNELGtCQUFrQixFQUFFLElBQUk7UUFDeEIsY0FBYyxFQUFFLGFBQWE7UUFDN0IsdUJBQXVCLEVBQUU7WUFDdkIsTUFBTSxFQUFFLFFBQVE7WUFDaEIsaUJBQWlCLEVBQUUsSUFBSTtTQUN4QjtRQUNELG1CQUFtQixFQUFFLFNBQVM7UUFDOUIsbUJBQW1CLEVBQUUsS0FBSztRQUMxQixnQkFBZ0IsRUFBRSxRQUFRO1FBQzFCLGFBQWEsRUFBRSxZQUFZO1FBQzNCLDZCQUE2QixFQUFFLE1BQU07UUFDckMsY0FBYyxFQUFFLEdBQUc7UUFDbkIsaUJBQWlCLEVBQUU7WUFDakIsTUFBTSxFQUFFLENBQUMsSUFBSSxDQUFDO1lBQ2QsaUJBQWlCLEVBQUUsQ0FBQyxJQUFJLENBQUM7WUFDekIsVUFBVSxFQUFFLENBQUMsSUFBSSxDQUFDO1lBQ2xCLFdBQVcsRUFBRSxDQUFDLElBQUksQ0FBQztZQUNuQixVQUFVLEVBQUUsQ0FBQyxJQUFJLENBQUM7U0FDbkI7S0FDRjtDQUNGLENBQUM7QUFFSyxNQUFNLFlBQVksR0FBRyxDQUFDLFNBQXlCLHFCQUFhLEVBQUUsRUFBRTtJQUNyRSxPQUFPO1FBQ0wsS0FBSyxDQUFDLE9BQU87WUFDWCxPQUFPO2dCQUNMO29CQUNFLE1BQU0sRUFBRSxPQUFPO29CQUNmLE9BQU8sRUFBRSx1QkFBdUIsQ0FBQyxNQUFNLENBQUMsT0FBTyxDQUFDO2lCQUNqRDthQUNGLENBQUM7UUFDSixDQUFDO0tBQ0YsQ0FBQztBQUNKLENBQUMsQ0FBQztBQVhXLFFBQUEsWUFBWSxnQkFXdkI7QUFFSyxNQUFNLFlBQVksR0FBRyxDQUMxQixVQUFlLEVBQ2YsU0FBeUIscUJBQWEsRUFDdEMsRUFBRTtJQUNGLG1EQUFtRDtJQUNuRCx1Q0FDSyxJQUFBLG9CQUFZLEVBQUMsTUFBTSxDQUFDLEdBQ3BCLFVBQVUsQ0FBQyxPQUFPLEVBQUUsRUFDdkI7QUFDSixDQUFDLENBQUM7QUFUVyxRQUFBLFlBQVksZ0JBU3ZCO0FBRUYsTUFBTSx1QkFBdUIsR0FBRyxDQUFDLE9BQXdCLEVBQUUsRUFBRTtJQUMzRCxNQUFNLFlBQVksR0FBcUIsRUFBRSxDQUFDO0lBQzFDLEtBQUssTUFBTSxNQUFNLElBQUksT0FBTyxFQUFFO1FBQzVCLE1BQU0sYUFBYSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN0QyxJQUFJLGFBQWEsRUFBRTtZQUNqQixZQUFZLENBQUMsSUFBSSxDQUFDO2dCQUNoQixHQUFHLEVBQUUsNkJBQXFCLENBQUMsTUFBTSxDQUFDO2dCQUNsQyxLQUFLLEVBQUUsSUFBQSxpQ0FBeUIsRUFDOUIsTUFBK0IsRUFDL0IsYUFBYSxDQUNkO2FBQ0YsQ0FBQyxDQUFDO1NBQ0o7S0FDRjtJQUVELE9BQU8sWUFBWSxDQUFDO0FBQ3RCLENBQUMsQ0FBQyJ9
+exports.generateSecurityHeaders = generateSecurityHeaders;
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6Ijs7O0FBQUEsbUNBUWlCO0FBRWpCLE1BQU0sa0JBQWtCLEdBQUc7SUFDekIsdUJBQXVCLEVBQUUsQ0FBQyxLQUFtQyxFQUFFLEVBQUUsQ0FDL0Q7UUFDRSxXQUFXLEtBQUssQ0FBQyxNQUFNLEVBQUU7UUFDekIsS0FBSyxDQUFDLGlCQUFpQixJQUFJLG1CQUFtQjtRQUM5QyxLQUFLLENBQUMsT0FBTyxJQUFJLFNBQVM7S0FDM0I7U0FDRSxNQUFNLENBQUMsT0FBTyxDQUFDO1NBQ2YsSUFBSSxDQUFDLElBQUksQ0FBQztJQUNmLHFCQUFxQixFQUFFLENBQUMsS0FBaUMsRUFBRSxFQUFFO1FBQzNELE9BQU8sTUFBTSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUM7YUFDekIsR0FBRyxDQUFDLENBQUMsQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLEVBQUUsRUFBRTtZQUM1QixJQUFJLFNBQVMsS0FBSywyQkFBMkIsRUFBRTtnQkFDN0MsT0FBTyxPQUFPLENBQUMsQ0FBQyxDQUFDLDJCQUEyQixDQUFDLENBQUMsQ0FBQyxFQUFFLENBQUM7YUFDbkQ7WUFDRCxPQUFPLENBQ0wsQ0FBQyxPQUFvQixhQUFwQixPQUFPLHVCQUFQLE9BQU8sQ0FBZSxNQUFNO2dCQUM3QixHQUFHLFNBQVMsSUFBSyxPQUFvQixDQUFDLElBQUksQ0FBQyxHQUFHLENBQUMsRUFBRSxDQUNsRCxDQUFDO1FBQ0osQ0FBQyxDQUFDO2FBQ0QsTUFBTSxDQUFDLE9BQU8sQ0FBQzthQUNmLElBQUksQ0FBQyxJQUFJLENBQUMsQ0FBQztJQUNoQixDQUFDO0lBQ0QsaUJBQWlCLEVBQUUsQ0FBQyxLQUE2QixFQUFFLEVBQUUsQ0FDbkQsTUFBTSxDQUFDLE9BQU8sQ0FBQyxLQUFLLENBQUM7U0FDbEIsR0FBRyxDQUNGLENBQUMsQ0FBQyxTQUFTLEVBQUUsT0FBTyxDQUFDLEVBQUUsRUFBRSxDQUN2QixDQUFDLE9BQW9CLGFBQXBCLE9BQU8sdUJBQVAsT0FBTyxDQUFlLE1BQU07UUFDN0IsR0FBRyxTQUFTLElBQUssT0FBb0IsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FDcEQ7U0FDQSxNQUFNLENBQUMsT0FBTyxDQUFDO1NBQ2YsSUFBSSxDQUFDLElBQUksQ0FBQztDQUNoQixDQUFDO0FBRUssTUFBTSx5QkFBeUIsR0FBRyxDQUN2QyxVQUFpQyxFQUNqQyxhQUFnQixFQUNoQixFQUFFOztJQUNGLE9BQU8sTUFBQSxNQUFBLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxtRUFBRyxhQUFhLENBQUMsbUNBQUksYUFBYSxDQUFDO0FBQzFFLENBQUMsQ0FBQztBQUxXLFFBQUEseUJBQXlCLDZCQUtwQztBQUVXLFFBQUEsYUFBYSxHQUFtQjtJQUMzQyxPQUFPLEVBQUU7UUFDUCx5QkFBeUIsRUFBRSxhQUFhO1FBQ3hDLHVCQUF1QixFQUFFLGFBQWE7UUFDdEMseUJBQXlCLEVBQUUsY0FBYztRQUN6QyxxQkFBcUIsRUFBRTtZQUNyQixVQUFVLEVBQUUsQ0FBQyxRQUFRLENBQUM7WUFDdEIsVUFBVSxFQUFFLENBQUMsUUFBUSxFQUFFLFFBQVEsRUFBRSxPQUFPLENBQUM7WUFDekMsYUFBYSxFQUFFLENBQUMsUUFBUSxDQUFDO1lBQ3pCLGlCQUFpQixFQUFFLENBQUMsUUFBUSxDQUFDO1lBQzdCLFNBQVMsRUFBRSxDQUFDLFFBQVEsRUFBRSxPQUFPLENBQUM7WUFDOUIsWUFBWSxFQUFFLENBQUMsUUFBUSxDQUFDO1lBQ3hCLGlCQUFpQixFQUFFLENBQUMsUUFBUSxDQUFDO1lBQzdCLFdBQVcsRUFBRSxDQUFDLFFBQVEsRUFBRSxRQUFRLEVBQUUsaUJBQWlCLENBQUM7WUFDcEQsMkJBQTJCLEVBQUUsSUFBSTtTQUNsQztRQUNELGtCQUFrQixFQUFFLElBQUk7UUFDeEIsY0FBYyxFQUFFLGFBQWE7UUFDN0IsdUJBQXVCLEVBQUU7WUFDdkIsTUFBTSxFQUFFLFFBQVE7WUFDaEIsaUJBQWlCLEVBQUUsSUFBSTtTQUN4QjtRQUNELG1CQUFtQixFQUFFLFNBQVM7UUFDOUIsbUJBQW1CLEVBQUUsS0FBSztRQUMxQixnQkFBZ0IsRUFBRSxRQUFRO1FBQzFCLGFBQWEsRUFBRSxZQUFZO1FBQzNCLDZCQUE2QixFQUFFLE1BQU07UUFDckMsY0FBYyxFQUFFLEdBQUc7UUFDbkIsaUJBQWlCLEVBQUU7WUFDakIsTUFBTSxFQUFFLENBQUMsSUFBSSxDQUFDO1lBQ2QsaUJBQWlCLEVBQUUsQ0FBQyxJQUFJLENBQUM7WUFDekIsVUFBVSxFQUFFLENBQUMsSUFBSSxDQUFDO1lBQ2xCLFdBQVcsRUFBRSxDQUFDLElBQUksQ0FBQztZQUNuQixVQUFVLEVBQUUsQ0FBQyxJQUFJLENBQUM7U0FDbkI7S0FDRjtDQUNGLENBQUM7QUFFSyxNQUFNLFlBQVksR0FBRyxDQUFDLFNBQXlCLHFCQUFhLEVBQUUsRUFBRTtJQUNyRSxPQUFPO1FBQ0wsS0FBSyxDQUFDLE9BQU87WUFDWCxPQUFPO2dCQUNMO29CQUNFLE1BQU0sRUFBRSxPQUFPO29CQUNmLE9BQU8sRUFBRSxJQUFBLCtCQUF1QixFQUFDLE1BQU0sQ0FBQyxPQUFPLENBQUM7aUJBQ2pEO2FBQ0YsQ0FBQztRQUNKLENBQUM7S0FDRixDQUFDO0FBQ0osQ0FBQyxDQUFDO0FBWFcsUUFBQSxZQUFZLGdCQVd2QjtBQUVLLE1BQU0sdUJBQXVCLEdBQUcsQ0FDckMsVUFBMkIscUJBQWEsQ0FBQyxPQUFPLEVBQ2hELEVBQUU7SUFDRixNQUFNLFlBQVksR0FBcUIsRUFBRSxDQUFDO0lBQzFDLEtBQUssTUFBTSxNQUFNLElBQUksT0FBTyxFQUFFO1FBQzVCLE1BQU0sYUFBYSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN0QyxJQUFJLGFBQWEsRUFBRTtZQUNqQixZQUFZLENBQUMsSUFBSSxDQUFDO2dCQUNoQixHQUFHLEVBQUUsNkJBQXFCLENBQUMsTUFBTSxDQUFDO2dCQUNsQyxLQUFLLEVBQUUsSUFBQSxpQ0FBeUIsRUFDOUIsTUFBK0IsRUFDL0IsYUFBYSxDQUNkO2FBQ0YsQ0FBQyxDQUFDO1NBQ0o7S0FDRjtJQUVELE9BQU8sWUFBWSxDQUFDO0FBQ3RCLENBQUMsQ0FBQztBQWxCVyxRQUFBLHVCQUF1QiwyQkFrQmxDIn0=

build/module/index.d.ts

@@ -10,2 +10,2 @@ import { SecurityConfig, SecurityHeader, SecurityHeaders } from './types';
 };
-export declare const withSecurity: (nextConfig: any, config?: SecurityConfig) => any;
+export declare const generateSecurityHeaders: (headers?: SecurityHeaders) => SecurityHeader[];

build/module/index.js

@@ -80,10 +80,3 @@ import { SECURITY_HEADER_NAMES, } from './types';
 };
-export const withSecurity = (nextConfig, config = defaultConfig) => {
-    // TODO: fix returning the whole nextConfig instead
-    return {
-        ...nextSecurity(config),
-        ...nextConfig.headers(),
-    };
-};
-const generateSecurityHeaders = (headers) => {
+export const generateSecurityHeaders = (headers = defaultConfig.headers) => {
     const headersArray = [];
@@ -101,2 +94,2 @@ for (const header in headers) {
 };
-//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUdMLHFCQUFxQixHQUt0QixNQUFNLFNBQVMsQ0FBQztBQUVqQixNQUFNLGtCQUFrQixHQUFHO0lBQ3pCLHVCQUF1QixFQUFFLENBQUMsS0FBbUMsRUFBRSxFQUFFLENBQy9EO1FBQ0UsV0FBVyxLQUFLLENBQUMsTUFBTSxFQUFFO1FBQ3pCLEtBQUssQ0FBQyxpQkFBaUIsSUFBSSxtQkFBbUI7UUFDOUMsS0FBSyxDQUFDLE9BQU8sSUFBSSxTQUFTO0tBQzNCO1NBQ0UsTUFBTSxDQUFDLE9BQU8sQ0FBQztTQUNmLElBQUksQ0FBQyxJQUFJLENBQUM7SUFDZixxQkFBcUIsRUFBRSxDQUFDLEtBQWlDLEVBQUUsRUFBRTtRQUMzRCxPQUFPLE1BQU0sQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDO2FBQ3pCLEdBQUcsQ0FBQyxDQUFDLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxFQUFFLEVBQUU7WUFDNUIsSUFBSSxTQUFTLEtBQUssMkJBQTJCLEVBQUU7Z0JBQzdDLE9BQU8sT0FBTyxDQUFDLENBQUMsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO2FBQ25EO1lBQ0QsT0FBTyxDQUNKLE9BQW9CLEVBQUUsTUFBTTtnQkFDN0IsR0FBRyxTQUFTLElBQUssT0FBb0IsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FDbEQsQ0FBQztRQUNKLENBQUMsQ0FBQzthQUNELE1BQU0sQ0FBQyxPQUFPLENBQUM7YUFDZixJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDaEIsQ0FBQztJQUNELGlCQUFpQixFQUFFLENBQUMsS0FBNkIsRUFBRSxFQUFFLENBQ25ELE1BQU0sQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDO1NBQ2xCLEdBQUcsQ0FDRixDQUFDLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxFQUFFLEVBQUUsQ0FDdEIsT0FBb0IsRUFBRSxNQUFNO1FBQzdCLEdBQUcsU0FBUyxJQUFLLE9BQW9CLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQ3BEO1NBQ0EsTUFBTSxDQUFDLE9BQU8sQ0FBQztTQUNmLElBQUksQ0FBQyxJQUFJLENBQUM7Q0FDaEIsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLHlCQUF5QixHQUFHLENBQ3ZDLFVBQWlDLEVBQ2pDLGFBQWdCLEVBQ2hCLEVBQUU7SUFDRixPQUFPLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLElBQUksYUFBYSxDQUFDO0FBQzFFLENBQUMsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLGFBQWEsR0FBbUI7SUFDM0MsT0FBTyxFQUFFO1FBQ1AseUJBQXlCLEVBQUUsYUFBYTtRQUN4Qyx1QkFBdUIsRUFBRSxhQUFhO1FBQ3RDLHlCQUF5QixFQUFFLGNBQWM7UUFDekMscUJBQXFCLEVBQUU7WUFDckIsVUFBVSxFQUFFLENBQUMsUUFBUSxDQUFDO1lBQ3RCLFVBQVUsRUFBRSxDQUFDLFFBQVEsRUFBRSxRQUFRLEVBQUUsT0FBTyxDQUFDO1lBQ3pDLGFBQWEsRUFBRSxDQUFDLFFBQVEsQ0FBQztZQUN6QixpQkFBaUIsRUFBRSxDQUFDLFFBQVEsQ0FBQztZQUM3QixTQUFTLEVBQUUsQ0FBQyxRQUFRLEVBQUUsT0FBTyxDQUFDO1lBQzlCLFlBQVksRUFBRSxDQUFDLFFBQVEsQ0FBQztZQUN4QixpQkFBaUIsRUFBRSxDQUFDLFFBQVEsQ0FBQztZQUM3QixXQUFXLEVBQUUsQ0FBQyxRQUFRLEVBQUUsUUFBUSxFQUFFLGlCQUFpQixDQUFDO1lBQ3BELDJCQUEyQixFQUFFLElBQUk7U0FDbEM7UUFDRCxrQkFBa0IsRUFBRSxJQUFJO1FBQ3hCLGNBQWMsRUFBRSxhQUFhO1FBQzdCLHVCQUF1QixFQUFFO1lBQ3ZCLE1BQU0sRUFBRSxRQUFRO1lBQ2hCLGlCQUFpQixFQUFFLElBQUk7U0FDeEI7UUFDRCxtQkFBbUIsRUFBRSxTQUFTO1FBQzlCLG1CQUFtQixFQUFFLEtBQUs7UUFDMUIsZ0JBQWdCLEVBQUUsUUFBUTtRQUMxQixhQUFhLEVBQUUsWUFBWTtRQUMzQiw2QkFBNkIsRUFBRSxNQUFNO1FBQ3JDLGNBQWMsRUFBRSxHQUFHO1FBQ25CLGlCQUFpQixFQUFFO1lBQ2pCLE1BQU0sRUFBRSxDQUFDLElBQUksQ0FBQztZQUNkLGlCQUFpQixFQUFFLENBQUMsSUFBSSxDQUFDO1lBQ3pCLFVBQVUsRUFBRSxDQUFDLElBQUksQ0FBQztZQUNsQixXQUFXLEVBQUUsQ0FBQyxJQUFJLENBQUM7WUFDbkIsVUFBVSxFQUFFLENBQUMsSUFBSSxDQUFDO1NBQ25CO0tBQ0Y7Q0FDRixDQUFDO0FBRUYsTUFBTSxDQUFDLE1BQU0sWUFBWSxHQUFHLENBQUMsU0FBeUIsYUFBYSxFQUFFLEVBQUU7SUFDckUsT0FBTztRQUNMLEtBQUssQ0FBQyxPQUFPO1lBQ1gsT0FBTztnQkFDTDtvQkFDRSxNQUFNLEVBQUUsT0FBTztvQkFDZixPQUFPLEVBQUUsdUJBQXVCLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQztpQkFDakQ7YUFDRixDQUFDO1FBQ0osQ0FBQztLQUNGLENBQUM7QUFDSixDQUFDLENBQUM7QUFFRixNQUFNLENBQUMsTUFBTSxZQUFZLEdBQUcsQ0FDMUIsVUFBZSxFQUNmLFNBQXlCLGFBQWEsRUFDdEMsRUFBRTtJQUNGLG1EQUFtRDtJQUNuRCxPQUFPO1FBQ0wsR0FBRyxZQUFZLENBQUMsTUFBTSxDQUFDO1FBQ3ZCLEdBQUcsVUFBVSxDQUFDLE9BQU8sRUFBRTtLQUN4QixDQUFDO0FBQ0osQ0FBQyxDQUFDO0FBRUYsTUFBTSx1QkFBdUIsR0FBRyxDQUFDLE9BQXdCLEVBQUUsRUFBRTtJQUMzRCxNQUFNLFlBQVksR0FBcUIsRUFBRSxDQUFDO0lBQzFDLEtBQUssTUFBTSxNQUFNLElBQUksT0FBTyxFQUFFO1FBQzVCLE1BQU0sYUFBYSxHQUFHLE9BQU8sQ0FBQyxNQUFNLENBQUMsQ0FBQztRQUN0QyxJQUFJLGFBQWEsRUFBRTtZQUNqQixZQUFZLENBQUMsSUFBSSxDQUFDO2dCQUNoQixHQUFHLEVBQUUscUJBQXFCLENBQUMsTUFBTSxDQUFDO2dCQUNsQyxLQUFLLEVBQUUseUJBQXlCLENBQzlCLE1BQStCLEVBQy9CLGFBQWEsQ0FDZDthQUNGLENBQUMsQ0FBQztTQUNKO0tBQ0Y7SUFFRCxPQUFPLFlBQVksQ0FBQztBQUN0QixDQUFDLENBQUMifQ==
+//# sourceMappingURL=data:application/json;base64,eyJ2ZXJzaW9uIjozLCJmaWxlIjoiaW5kZXguanMiLCJzb3VyY2VSb290IjoiIiwic291cmNlcyI6WyIuLi8uLi9zcmMvaW5kZXgudHMiXSwibmFtZXMiOltdLCJtYXBwaW5ncyI6IkFBQUEsT0FBTyxFQUdMLHFCQUFxQixHQUt0QixNQUFNLFNBQVMsQ0FBQztBQUVqQixNQUFNLGtCQUFrQixHQUFHO0lBQ3pCLHVCQUF1QixFQUFFLENBQUMsS0FBbUMsRUFBRSxFQUFFLENBQy9EO1FBQ0UsV0FBVyxLQUFLLENBQUMsTUFBTSxFQUFFO1FBQ3pCLEtBQUssQ0FBQyxpQkFBaUIsSUFBSSxtQkFBbUI7UUFDOUMsS0FBSyxDQUFDLE9BQU8sSUFBSSxTQUFTO0tBQzNCO1NBQ0UsTUFBTSxDQUFDLE9BQU8sQ0FBQztTQUNmLElBQUksQ0FBQyxJQUFJLENBQUM7SUFDZixxQkFBcUIsRUFBRSxDQUFDLEtBQWlDLEVBQUUsRUFBRTtRQUMzRCxPQUFPLE1BQU0sQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDO2FBQ3pCLEdBQUcsQ0FBQyxDQUFDLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxFQUFFLEVBQUU7WUFDNUIsSUFBSSxTQUFTLEtBQUssMkJBQTJCLEVBQUU7Z0JBQzdDLE9BQU8sT0FBTyxDQUFDLENBQUMsQ0FBQywyQkFBMkIsQ0FBQyxDQUFDLENBQUMsRUFBRSxDQUFDO2FBQ25EO1lBQ0QsT0FBTyxDQUNKLE9BQW9CLEVBQUUsTUFBTTtnQkFDN0IsR0FBRyxTQUFTLElBQUssT0FBb0IsQ0FBQyxJQUFJLENBQUMsR0FBRyxDQUFDLEVBQUUsQ0FDbEQsQ0FBQztRQUNKLENBQUMsQ0FBQzthQUNELE1BQU0sQ0FBQyxPQUFPLENBQUM7YUFDZixJQUFJLENBQUMsSUFBSSxDQUFDLENBQUM7SUFDaEIsQ0FBQztJQUNELGlCQUFpQixFQUFFLENBQUMsS0FBNkIsRUFBRSxFQUFFLENBQ25ELE1BQU0sQ0FBQyxPQUFPLENBQUMsS0FBSyxDQUFDO1NBQ2xCLEdBQUcsQ0FDRixDQUFDLENBQUMsU0FBUyxFQUFFLE9BQU8sQ0FBQyxFQUFFLEVBQUUsQ0FDdEIsT0FBb0IsRUFBRSxNQUFNO1FBQzdCLEdBQUcsU0FBUyxJQUFLLE9BQW9CLENBQUMsSUFBSSxDQUFDLEdBQUcsQ0FBQyxFQUFFLENBQ3BEO1NBQ0EsTUFBTSxDQUFDLE9BQU8sQ0FBQztTQUNmLElBQUksQ0FBQyxJQUFJLENBQUM7Q0FDaEIsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLHlCQUF5QixHQUFHLENBQ3ZDLFVBQWlDLEVBQ2pDLGFBQWdCLEVBQ2hCLEVBQUU7SUFDRixPQUFPLGtCQUFrQixDQUFDLFVBQVUsQ0FBQyxFQUFFLENBQUMsYUFBYSxDQUFDLElBQUksYUFBYSxDQUFDO0FBQzFFLENBQUMsQ0FBQztBQUVGLE1BQU0sQ0FBQyxNQUFNLGFBQWEsR0FBbUI7SUFDM0MsT0FBTyxFQUFFO1FBQ1AseUJBQXlCLEVBQUUsYUFBYTtRQUN4Qyx1QkFBdUIsRUFBRSxhQUFhO1FBQ3RDLHlCQUF5QixFQUFFLGNBQWM7UUFDekMscUJBQXFCLEVBQUU7WUFDckIsVUFBVSxFQUFFLENBQUMsUUFBUSxDQUFDO1lBQ3RCLFVBQVUsRUFBRSxDQUFDLFFBQVEsRUFBRSxRQUFRLEVBQUUsT0FBTyxDQUFDO1lBQ3pDLGFBQWEsRUFBRSxDQUFDLFFBQVEsQ0FBQztZQUN6QixpQkFBaUIsRUFBRSxDQUFDLFFBQVEsQ0FBQztZQUM3QixTQUFTLEVBQUUsQ0FBQyxRQUFRLEVBQUUsT0FBTyxDQUFDO1lBQzlCLFlBQVksRUFBRSxDQUFDLFFBQVEsQ0FBQztZQUN4QixpQkFBaUIsRUFBRSxDQUFDLFFBQVEsQ0FBQztZQUM3QixXQUFXLEVBQUUsQ0FBQyxRQUFRLEVBQUUsUUFBUSxFQUFFLGlCQUFpQixDQUFDO1lBQ3BELDJCQUEyQixFQUFFLElBQUk7U0FDbEM7UUFDRCxrQkFBa0IsRUFBRSxJQUFJO1FBQ3hCLGNBQWMsRUFBRSxhQUFhO1FBQzdCLHVCQUF1QixFQUFFO1lBQ3ZCLE1BQU0sRUFBRSxRQUFRO1lBQ2hCLGlCQUFpQixFQUFFLElBQUk7U0FDeEI7UUFDRCxtQkFBbUIsRUFBRSxTQUFTO1FBQzlCLG1CQUFtQixFQUFFLEtBQUs7UUFDMUIsZ0JBQWdCLEVBQUUsUUFBUTtRQUMxQixhQUFhLEVBQUUsWUFBWTtRQUMzQiw2QkFBNkIsRUFBRSxNQUFNO1FBQ3JDLGNBQWMsRUFBRSxHQUFHO1FBQ25CLGlCQUFpQixFQUFFO1lBQ2pCLE1BQU0sRUFBRSxDQUFDLElBQUksQ0FBQztZQUNkLGlCQUFpQixFQUFFLENBQUMsSUFBSSxDQUFDO1lBQ3pCLFVBQVUsRUFBRSxDQUFDLElBQUksQ0FBQztZQUNsQixXQUFXLEVBQUUsQ0FBQyxJQUFJLENBQUM7WUFDbkIsVUFBVSxFQUFFLENBQUMsSUFBSSxDQUFDO1NBQ25CO0tBQ0Y7Q0FDRixDQUFDO0FBRUYsTUFBTSxDQUFDLE1BQU0sWUFBWSxHQUFHLENBQUMsU0FBeUIsYUFBYSxFQUFFLEVBQUU7SUFDckUsT0FBTztRQUNMLEtBQUssQ0FBQyxPQUFPO1lBQ1gsT0FBTztnQkFDTDtvQkFDRSxNQUFNLEVBQUUsT0FBTztvQkFDZixPQUFPLEVBQUUsdUJBQXVCLENBQUMsTUFBTSxDQUFDLE9BQU8sQ0FBQztpQkFDakQ7YUFDRixDQUFDO1FBQ0osQ0FBQztLQUNGLENBQUM7QUFDSixDQUFDLENBQUM7QUFFRixNQUFNLENBQUMsTUFBTSx1QkFBdUIsR0FBRyxDQUNyQyxVQUEyQixhQUFhLENBQUMsT0FBTyxFQUNoRCxFQUFFO0lBQ0YsTUFBTSxZQUFZLEdBQXFCLEVBQUUsQ0FBQztJQUMxQyxLQUFLLE1BQU0sTUFBTSxJQUFJLE9BQU8sRUFBRTtRQUM1QixNQUFNLGFBQWEsR0FBRyxPQUFPLENBQUMsTUFBTSxDQUFDLENBQUM7UUFDdEMsSUFBSSxhQUFhLEVBQUU7WUFDakIsWUFBWSxDQUFDLElBQUksQ0FBQztnQkFDaEIsR0FBRyxFQUFFLHFCQUFxQixDQUFDLE1BQU0sQ0FBQztnQkFDbEMsS0FBSyxFQUFFLHlCQUF5QixDQUM5QixNQUErQixFQUMvQixhQUFhLENBQ2Q7YUFDRixDQUFDLENBQUM7U0FDSjtLQUNGO0lBRUQsT0FBTyxZQUFZLENBQUM7QUFDdEIsQ0FBQyxDQUFDIn0=

package.json

 {
   "name": "next-security",
-  "version": "1.0.1",
+  "version": "1.0.2",
   "description": "Security plugin for Next.js based on OWASP and Helmet",
@@ -15,2 +15,3 @@ "main": "build/main/index.js",
     "build:module": "tsc -p tsconfig.module.json",
+    "example": "run-p build && cd example && run-s dev",
     "fix": "run-s fix:*",
@@ -17,0 +18,0 @@ "fix:prettier": "prettier \"src/**/*.ts\" --write",

README.md

 # next-security
 
-Security plugin for Next.js based on OWASP and Helmet
+[![npm version][npm-version-src]][npm-version-href]
+[![npm downloads][npm-downloads-src]][npm-downloads-href]
+[![Github Actions CI][github-actions-ci-src]][github-actions-ci-href]
+[![License][license-src]][license-href]
+
+Security plugin for Next.js based on OWASP and Helmet.
+
+## Features
+
+- No configuration security headers similar to Helmet.js
+- Customization of all header values
+- `[Coming soon]` Content Security Policy (CSP) for SSG apps
+- `[Coming soon]`Request Size limiter
+- `[Coming soon]`Cross Site Scripting (XSS) Validation
+- `[Coming soon]`Cross-Origin Resource Sharing (CORS) support
+- `[Coming soon]` `[Optional]` Allowed HTTP Methods, Basic Auth, CSRF, Rate Limiter
+
+## Usage
+
+Install the plugin:
+
+```sh
+npm i next-security
+yarn add next-security
+pnpm add next-security
+```
+
+Add the plugin to the `next.config.js` like following:
+
+```js
+/** @type {import('next').NextConfig} */
+const { nextSecurity } = require('next-security');
+const nextConfig = {
+  ...nextSecurity(),
+};
+
+module.exports = nextConfig;
+```
+
+Or, if you want to have more control over the source for the headers:
+
+```js
+/** @type {import('next').NextConfig} */
+const { generateSecurityHeaders } = require('next-security');
+const nextConfig = {
+  async headers() {
+    return [
+      {
+        source: '/(.*)',
+        headers: generateSecurityHeaders(),
+      },
+    ];
+  },
+};
+
+module.exports = nextConfig;
+```
+
+And that's it! The plugin will now register security response headers so that your application will be more secure.
+
+If you inspect the headers that are being returned by the Next application in the browser, you should see the following result:
+
+```md
+cross-origin-resource-policy: same-origin
+cross-origin-opener-policy: same-origin
+cross-origin-embedder-policy: require-corp
+content-security-policy: base-uri 'self'; font-src 'self' https: data:; form-action 'self'; frame-ancestors 'self'; img-src 'self' data:; object-src 'none'; script-src-attr 'none'; style-src 'self' https: 'unsafe-inline'; upgrade-insecure-requests
+origin-agent-cluster: ?1
+referrer-policy: no-referrer
+strict-transport-security: max-age=15552000; includeSubDomains
+x-content-type-options: nosniff
+x-dns-prefetch-control: off
+x-download-options: noopen
+x-frame-options: SAMEORIGIN
+x-permitted-cross-domain-policies: none
+x-xss-protection: 0
+permissions-policy: camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=()
+```
+
+## Configuration
+
+You can pass configuration to the plugin like following:
+
+```js
+/** @type {import('next').NextConfig} */
+const { nextSecurity } = require('next-security');
+const nextConfig = {
+  ...nextSecurity({
+    headers: {
+      xXSSProtection: '1',
+      crossOriginResourcePolicy: 'cross-origin',
+      contentSecurityPolicy: false,
+    },
+  }),
+};
+
+module.exports = nextConfig;
+```
+
+[npm-version-src]: https://img.shields.io/npm/v/next-security/latest.svg
+[npm-version-href]: https://npmjs.com/package/next-security
+[npm-downloads-src]: https://img.shields.io/npm/dt/next-security.svg
+[npm-downloads-href]: https://npmjs.com/package/next-security
+[github-actions-ci-src]: https://github.com/baroshem/next-security/actions/workflows/ci.yml/badge.svg
+[github-actions-ci-href]: https://github.com/baroshem/next-security/actions?query=workflow%3Aci
+[license-src]: https://img.shields.io/npm/l/next-security.svg
+[license-href]: https://npmjs.com/package/next-security

New alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Fixed alerts

License Policy Violation

License

This package is not allowed per your license policy. Review the package's license to ensure compliance.

Found 1 instance in 1 package

Improved metrics

Total package byte prevSize

40398

increased by7.15%

Number of lines in readme file

110

increased by2650%

Worsened metrics

Lines of code

588

decreased by-1.84%

No dependency changes