@arcis/node 1.2.0 → 1.3.0

package/dist/logging/index.d.mts

@@ -1,4 +1,4 @@
-import { L as LogOptions, S as SafeLogger } from '../types-CsOFHoD9.mjs';
+import { L as LogOptions, S as SafeLogger } from '../types-BOkx5YJc.mjs';
 import 'express';
 
 /**

package/dist/logging/index.d.ts

@@ -1,4 +1,4 @@
-import { L as LogOptions, S as SafeLogger } from '../types-CsOFHoD9.js';
+import { L as LogOptions, S as SafeLogger } from '../types-BOkx5YJc.js';
 import 'express';
 
 /**

package/dist/middleware/index.d.mts

@@ -1,3 +1,3 @@
-export { g as arcis, h as arcisFunction, i as botProtection, j as createCors, k as createCsrf, l as createErrorHandler, m as createHeaders, n as createRateLimiter, o as createSecureCookies, p as createSlidingWindowLimiter, q as createTokenBucketLimiter, r as csrfProtection, h as default, s as detectBot, t as enforceSecureCookie, u as errorHandler, v as generateCsrfToken, w as rateLimit, x as safeCors, y as secureCookieDefaults, z as securityHeaders, A as validateCsrfToken } from '../index-CgK94hY_.mjs';
-import '../types-CsOFHoD9.mjs';
+export { g as arcis, h as arcisFunction, i as botProtection, j as createCors, k as createCsrf, l as createErrorHandler, m as createHeaders, n as createRateLimiter, o as createSecureCookies, p as createSlidingWindowLimiter, q as createTokenBucketLimiter, r as csrfProtection, h as default, s as detectBot, t as enforceSecureCookie, u as errorHandler, v as generateCsrfToken, w as rateLimit, x as safeCors, y as secureCookieDefaults, z as securityHeaders, A as validateCsrfToken } from '../index-DgJtWMSj.mjs';
+import '../types-BOkx5YJc.mjs';
 import 'express';

package/dist/middleware/index.d.ts

@@ -1,3 +1,3 @@
-export { g as arcis, h as arcisFunction, i as botProtection, j as createCors, k as createCsrf, l as createErrorHandler, m as createHeaders, n as createRateLimiter, o as createSecureCookies, p as createSlidingWindowLimiter, q as createTokenBucketLimiter, r as csrfProtection, h as default, s as detectBot, t as enforceSecureCookie, u as errorHandler, v as generateCsrfToken, w as rateLimit, x as safeCors, y as secureCookieDefaults, z as securityHeaders, A as validateCsrfToken } from '../index-D_bdJcF0.js';
-import '../types-CsOFHoD9.js';
+export { g as arcis, h as arcisFunction, i as botProtection, j as createCors, k as createCsrf, l as createErrorHandler, m as createHeaders, n as createRateLimiter, o as createSecureCookies, p as createSlidingWindowLimiter, q as createTokenBucketLimiter, r as csrfProtection, h as default, s as detectBot, t as enforceSecureCookie, u as errorHandler, v as generateCsrfToken, w as rateLimit, x as safeCors, y as secureCookieDefaults, z as securityHeaders, A as validateCsrfToken } from '../index-BAhgn9V2.js';
+import '../types-BOkx5YJc.js';
 import 'express';

package/dist/middleware/index.js

@@ -276,7 +276,12 @@ function createHeaders(options = {}) {
     hsts = true,
     referrerPolicy = HEADERS.REFERRER_POLICY,
     permissionsPolicy = HEADERS.PERMISSIONS_POLICY,
-    cacheControl = true
+    cacheControl = true,
+    crossOriginOpenerPolicy = "same-origin",
+    crossOriginResourcePolicy = "same-origin",
+    crossOriginEmbedderPolicy = "require-corp",
+    originAgentCluster = true,
+    dnsPrefetchControl = true
   } = options;
   return (req, res, next) => {
     if (contentSecurityPolicy) {
@@ -284,7 +289,7 @@ function createHeaders(options = {}) {
       res.setHeader("Content-Security-Policy", csp);
     }
     if (xssFilter) {
-      res.setHeader("X-XSS-Protection", "1; mode=block");
+      res.setHeader("X-XSS-Protection", "0");
     }
     if (noSniff) {
       res.setHeader("X-Content-Type-Options", HEADERS.CONTENT_TYPE_OPTIONS);
@@ -311,6 +316,21 @@ function createHeaders(options = {}) {
     if (permissionsPolicy) {
       res.setHeader("Permissions-Policy", permissionsPolicy);
     }
+    if (crossOriginOpenerPolicy) {
+      res.setHeader("Cross-Origin-Opener-Policy", crossOriginOpenerPolicy);
+    }
+    if (crossOriginResourcePolicy) {
+      res.setHeader("Cross-Origin-Resource-Policy", crossOriginResourcePolicy);
+    }
+    if (crossOriginEmbedderPolicy) {
+      res.setHeader("Cross-Origin-Embedder-Policy", crossOriginEmbedderPolicy);
+    }
+    if (originAgentCluster) {
+      res.setHeader("Origin-Agent-Cluster", "?1");
+    }
+    if (dnsPrefetchControl) {
+      res.setHeader("X-DNS-Prefetch-Control", "off");
+    }
     res.setHeader("X-Permitted-Cross-Domain-Policies", "none");
     if (cacheControl) {
       const cacheControlValue = typeof cacheControl === "string" ? cacheControl : HEADERS.CACHE_CONTROL;