Security News
GitHub Removes Malicious Pull Requests Targeting Open Source Repositories
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
This module is an alternate way of setting headers in your node applications.
Node doesn't have any protection or ways to prevent your previously set headers
from being overridden. So just because you set a X-Powered-By
or
X-Frame-Options
header it doesn't mean that this exact header will eventually
be written to the response. It could be that you have a middleware layer that
silently modified the header. This module attempts to prevent that from
happening by making the set property readOnly
.
npm install --save setheader
The following snippet should make it clear:
'use strict';
var setHeader = require('setheader');
//
// Create a basic http server just to illustrate the example usage here..
//
require('http').createServer(function (req, res) {
setHeader(res, 'X-Frame-Options', 'DENY');
res.end('(\/)(;,,;)(\/)');
}).listen(8080);
As you can see in the example above the setHeader
method receives 3
required arguments:
res
, The HTTP Response instance of your HTTP server server.name
, The name of the header it needs to set.value
, The value of the header that is set.MIT
FAQs
Protect headers from being overridden before they are written to response.
The npm package setheader receives a total of 15,026 weekly downloads. As such, setheader popularity was classified as popular.
We found that setheader demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 2 open source maintainers collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Security News
GitHub removed 27 malicious pull requests attempting to inject harmful code across multiple open source repositories, in another round of low-effort attacks.
Security News
RubyGems.org has added a new "maintainer" role that allows for publishing new versions of gems. This new permission type is aimed at improving security for gem owners and the service overall.
Security News
Node.js will be enforcing stricter semver-major PR policies a month before major releases to enhance stability and ensure reliable release candidates.