npm - @eggjs/security - Versions diffs - 5.0.0-beta.20 → 5.0.0-beta.21 - Mend

@eggjs/security 5.0.0-beta.20 → 5.0.0-beta.21

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (113) hide show

package/dist/agent.d.ts +5 -9
package/dist/agent.js +11 -15
package/dist/app/extend/agent.d.ts +4 -9
package/dist/app/extend/agent.js +8 -12
package/dist/app/extend/application.d.ts +8 -4
package/dist/app/extend/application.js +32 -4
package/dist/app/extend/context.d.ts +58 -4
package/dist/app/extend/context.js +244 -4
package/dist/app/extend/helper.d.ts +10 -22
package/dist/app/extend/helper.js +5 -17
package/dist/app/extend/response.d.ts +35 -4
package/dist/app/extend/response.js +83 -5
package/dist/app/middleware/securities.d.ts +4 -8
package/dist/app/middleware/securities.js +52 -49
package/dist/app.d.ts +5 -9
package/dist/app.js +26 -24
package/dist/config/config.default.d.ts +867 -2
package/dist/config/config.default.js +366 -3
package/dist/config/config.local.d.ts +2 -5
package/dist/config/config.local.js +8 -5
package/dist/index.d.ts +4 -5
package/dist/index.js +5 -8
package/dist/lib/extend/safe_curl.d.ts +16 -3
package/dist/lib/extend/safe_curl.js +25 -3
package/dist/lib/helper/cliFilter.d.ts +4 -2
package/dist/lib/helper/cliFilter.js +17 -3
package/dist/lib/helper/escape.d.ts +2 -2
package/dist/lib/helper/escape.js +3 -3
package/dist/lib/helper/escapeShellArg.d.ts +1 -2
package/dist/lib/helper/escapeShellArg.js +5 -3
package/dist/lib/helper/escapeShellCmd.d.ts +1 -2
package/dist/lib/helper/escapeShellCmd.js +14 -3
package/dist/lib/helper/index.d.ts +19 -22
package/dist/lib/helper/index.js +21 -13
package/dist/lib/helper/shtml.d.ts +2 -2
package/dist/lib/helper/shtml.js +69 -4
package/dist/lib/helper/sjs.d.ts +4 -2
package/dist/lib/helper/sjs.js +49 -3
package/dist/lib/helper/sjson.d.ts +1 -2
package/dist/lib/helper/sjson.js +39 -4
package/dist/lib/helper/spath.d.ts +5 -2
package/dist/lib/helper/spath.js +25 -3
package/dist/lib/helper/surl.d.ts +2 -2
package/dist/lib/helper/surl.js +30 -3
package/dist/lib/middlewares/csp.d.ts +3 -6
package/dist/lib/middlewares/csp.js +57 -4
package/dist/lib/middlewares/csrf.d.ts +3 -6
package/dist/lib/middlewares/csrf.js +37 -4
package/dist/lib/middlewares/dta.d.ts +2 -5
package/dist/lib/middlewares/dta.js +12 -4
package/dist/lib/middlewares/hsts.d.ts +3 -6
package/dist/lib/middlewares/hsts.js +21 -4
package/dist/lib/middlewares/index.d.ts +11 -16
package/dist/lib/middlewares/index.js +23 -14
package/dist/lib/middlewares/methodnoallow.d.ts +2 -5
package/dist/lib/middlewares/methodnoallow.js +20 -3
package/dist/lib/middlewares/noopen.d.ts +3 -6
package/dist/lib/middlewares/noopen.js +15 -4
package/dist/lib/middlewares/nosniff.d.ts +3 -6
package/dist/lib/middlewares/nosniff.js +28 -4
package/dist/lib/middlewares/referrerPolicy.d.ts +3 -6
package/dist/lib/middlewares/referrerPolicy.js +35 -4
package/dist/lib/middlewares/xframe.d.ts +3 -6
package/dist/lib/middlewares/xframe.js +17 -4
package/dist/lib/middlewares/xssProtection.d.ts +3 -6
package/dist/lib/middlewares/xssProtection.js +14 -4
package/dist/lib/utils.d.ts +12 -17
package/dist/lib/utils.js +192 -3
package/dist/types.d.ts +36 -3
package/dist/types.js +2 -3
package/package.json +6 -6
package/dist/application-COC0mYEe.js +0 -32
package/dist/application-n5bk2L_z.d.ts +0 -12
package/dist/cliFilter-7BSD8Nc_.js +0 -18
package/dist/cliFilter-DKZxCxSe.d.ts +0 -7
package/dist/config.default-AcwQOAG0.js +0 -166
package/dist/config.default-D8v08Vox.d.ts +0 -870
package/dist/context-C-N1IY85.d.ts +0 -95
package/dist/context-e-QJTKfq.js +0 -191
package/dist/csp-BW5AJd_f.js +0 -46
package/dist/csrf-9aSLHiby.js +0 -33
package/dist/dta-DVAKEpJ3.js +0 -13
package/dist/escape-Dex_Pk9e.d.ts +0 -2
package/dist/escape-p8-cW8c_.js +0 -7
package/dist/escapeShellArg-BnzDicAC.d.ts +0 -4
package/dist/escapeShellArg-C0v1ZeCl.js +0 -7
package/dist/escapeShellCmd-CkAdyhtO.js +0 -15
package/dist/escapeShellCmd-DQZZIHde.d.ts +0 -4
package/dist/helper-DylzfQ_5.js +0 -25
package/dist/hsts-CWMKNTEh.js +0 -19
package/dist/methodnoallow-BAZONArS.js +0 -15
package/dist/middlewares-CkQjv8t0.js +0 -27
package/dist/noopen-C3jUBwoH.js +0 -17
package/dist/nosniff-CcLkhX2I.js +0 -27
package/dist/referrerPolicy-D4Uafq6c.js +0 -31
package/dist/response-BFnHAJrV.js +0 -69
package/dist/safe_curl-UlViaxoF.js +0 -19
package/dist/safe_curl-mqZZv_YQ.d.ts +0 -20
package/dist/shtml-CAquTzgV.d.ts +0 -6
package/dist/shtml-CgF4kOx-.js +0 -53
package/dist/sjs-Cbmkk5xS.js +0 -36
package/dist/sjs-QZIJYS71.d.ts +0 -7
package/dist/sjson-BetFnVR6.js +0 -32
package/dist/sjson-O-vKJPws.d.ts +0 -4
package/dist/spath-Bu9sy6Kz.js +0 -16
package/dist/spath-DseDPHxf.d.ts +0 -7
package/dist/surl-ClleTea7.js +0 -25
package/dist/surl-JV70X_RZ.d.ts +0 -6
package/dist/types-BZR2U30p.d.ts +0 -38
package/dist/types-DnJpiSJb.js +0 -1
package/dist/utils-Cajs5P8M.js +0 -127
package/dist/xframe-q9fEZkVI.js +0 -18
package/dist/xssProtection-D5QsHX-e.js +0 -17

package/dist/config/config.default.d.ts CHANGED Viewed

@@ -1,2 +1,867 @@
-import { CSRFSupportRequestItem, IgnoreOrMatch, IgnoreOrMatchHandler, IgnoreOrMatchOption, LookupAddress, SSRFCheckAddressFunction, SecurityConfig, SecurityHelperConfig, SecurityHelperOnTagAttrHandler, SecurityMiddlewareName, _default } from "../config.default-D8v08Vox.js";
-export { CSRFSupportRequestItem, IgnoreOrMatch, IgnoreOrMatchHandler, IgnoreOrMatchOption, LookupAddress, SSRFCheckAddressFunction, SecurityConfig, SecurityHelperConfig, SecurityHelperOnTagAttrHandler, SecurityMiddlewareName, _default as default };
+import z from 'zod';
+import { Context } from 'egg';
+declare const CSRFSupportRequestItem: z.ZodObject<{
+    path: z.ZodType<RegExp, z.ZodTypeDef, RegExp>;
+    methods: z.ZodArray<z.ZodString, "many">;
+}, "strip", z.ZodTypeAny, {
+    path: RegExp;
+    methods: string[];
+}, {
+    path: RegExp;
+    methods: string[];
+}>;
+export type CSRFSupportRequestItem = z.infer<typeof CSRFSupportRequestItem>;
+export declare const LookupAddress: z.ZodObject<{
+    address: z.ZodString;
+    family: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    address: string;
+    family: number;
+}, {
+    address: string;
+    family: number;
+}>;
+export type LookupAddress = z.infer<typeof LookupAddress>;
+declare const SSRFCheckAddressFunction: z.ZodFunction<z.ZodTuple<[z.ZodUnion<[z.ZodString, z.ZodObject<{
+    address: z.ZodString;
+    family: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    address: string;
+    family: number;
+}, {
+    address: string;
+    family: number;
+}>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodObject<{
+    address: z.ZodString;
+    family: z.ZodNumber;
+}, "strip", z.ZodTypeAny, {
+    address: string;
+    family: number;
+}, {
+    address: string;
+    family: number;
+}>]>, "many">]>, z.ZodUnion<[z.ZodNumber, z.ZodString]>, z.ZodString], z.ZodUnknown>, z.ZodBoolean>;
+/**
+ * SSRF check address function
+ * `(address, family, hostname) => boolean`
+ */
+export type SSRFCheckAddressFunction = z.infer<typeof SSRFCheckAddressFunction>;
+export declare const SecurityMiddlewareName: z.ZodEnum<["csrf", "hsts", "methodnoallow", "noopen", "nosniff", "csp", "xssProtection", "xframe", "dta"]>;
+export type SecurityMiddlewareName = z.infer<typeof SecurityMiddlewareName>;
+/**
+ * (ctx) => boolean
+ */
+declare const IgnoreOrMatchHandler: z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>;
+export type IgnoreOrMatchHandler = z.infer<typeof IgnoreOrMatchHandler>;
+declare const IgnoreOrMatch: z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>;
+export type IgnoreOrMatch = z.infer<typeof IgnoreOrMatch>;
+declare const IgnoreOrMatchOption: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+export type IgnoreOrMatchOption = z.infer<typeof IgnoreOrMatchOption>;
+export declare const SecurityConfig: z.ZodObject<{
+    /**
+     * domain white list
+     *
+     * Default to `[]`
+     */
+    domainWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    /**
+     * protocol white list
+     *
+     * Default to `[]`
+     */
+    protocolWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+    /**
+     * default open security middleware
+     *
+     * Default to `'csrf,hsts,methodnoallow,noopen,nosniff,csp,xssProtection,xframe,dta'`
+     */
+    defaultMiddleware: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodEnum<["csrf", "hsts", "methodnoallow", "noopen", "nosniff", "csp", "xssProtection", "xframe", "dta"]>, "many">]>>;
+    /**
+     * whether defend csrf attack
+     */
+    csrf: z.ZodEffects<z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `true`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * csrf token detect source type
+         *
+         * Default to `'ctoken'`
+         */
+        type: z.ZodDefault<z.ZodEnum<["ctoken", "referer", "all", "any"]>>;
+        /**
+         * ignore json request
+         *
+         * Default to `false`
+         *
+         * @deprecated is not safe now, don't use it
+         */
+        ignoreJSON: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * csrf token cookie name
+         *
+         * Default to `'csrfToken'`
+         */
+        cookieName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+        /**
+         * csrf token session name
+         *
+         * Default to `'csrfToken'`
+         */
+        sessionName: z.ZodDefault<z.ZodString>;
+        /**
+         * csrf token request header name
+         *
+         * Default to `'x-csrf-token'`
+         */
+        headerName: z.ZodDefault<z.ZodString>;
+        /**
+         * csrf token request body field name
+         *
+         * Default to `'_csrf'`
+         */
+        bodyName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+        /**
+         * csrf token request query field name
+         *
+         * Default to `'_csrf'`
+         */
+        queryName: z.ZodDefault<z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">]>>;
+        /**
+         * rotate csrf token when it is invalid
+         *
+         * Default to `false`
+         */
+        rotateWhenInvalid: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * These config works when using `'ctoken'` type
+         *
+         * Default to `false`
+         */
+        useSession: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * csrf token cookie domain setting,
+         * can be `(ctx) => string` or `string`
+         *
+         * Default to `undefined`, auto set the cookie domain in the safe way
+         */
+        cookieDomain: z.ZodOptional<z.ZodUnion<[z.ZodString, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodString>]>>;
+        /**
+         * csrf token check requests config
+         */
+        supportedRequests: z.ZodDefault<z.ZodArray<z.ZodObject<{
+            path: z.ZodType<RegExp, z.ZodTypeDef, RegExp>;
+            methods: z.ZodArray<z.ZodString, "many">;
+        }, "strip", z.ZodTypeAny, {
+            path: RegExp;
+            methods: string[];
+        }, {
+            path: RegExp;
+            methods: string[];
+        }>, "many">>;
+        /**
+         * referer or origin header white list.
+         * It only works when using `'referer'` type
+         *
+         * Default to `[]`
+         */
+        refererWhiteList: z.ZodDefault<z.ZodArray<z.ZodString, "many">>;
+        /**
+         * csrf token cookie options
+         *
+         * Default to `{
+         *   signed: false,
+         *   httpOnly: false,
+         *   overwrite: true,
+         * }`
+         */
+        cookieOptions: z.ZodDefault<z.ZodObject<{
+            signed: z.ZodBoolean;
+            httpOnly: z.ZodBoolean;
+            overwrite: z.ZodBoolean;
+        }, "strip", z.ZodTypeAny, {
+            signed: boolean;
+            overwrite: boolean;
+            httpOnly: boolean;
+        }, {
+            signed: boolean;
+            overwrite: boolean;
+            httpOnly: boolean;
+        }>>;
+    }, "strip", z.ZodTypeAny, {
+        type: "referer" | "all" | "ctoken" | "any";
+        enable: boolean;
+        ignoreJSON: boolean;
+        cookieName: string | string[];
+        sessionName: string;
+        headerName: string;
+        bodyName: string | string[];
+        queryName: string | string[];
+        rotateWhenInvalid: boolean;
+        useSession: boolean;
+        supportedRequests: {
+            path: RegExp;
+            methods: string[];
+        }[];
+        refererWhiteList: string[];
+        cookieOptions: {
+            signed: boolean;
+            overwrite: boolean;
+            httpOnly: boolean;
+        };
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        type?: "referer" | "all" | "ctoken" | "any" | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        ignoreJSON?: boolean | undefined;
+        cookieName?: string | string[] | undefined;
+        sessionName?: string | undefined;
+        headerName?: string | undefined;
+        bodyName?: string | string[] | undefined;
+        queryName?: string | string[] | undefined;
+        rotateWhenInvalid?: boolean | undefined;
+        useSession?: boolean | undefined;
+        cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+        supportedRequests?: {
+            path: RegExp;
+            methods: string[];
+        }[] | undefined;
+        refererWhiteList?: string[] | undefined;
+        cookieOptions?: {
+            signed: boolean;
+            overwrite: boolean;
+            httpOnly: boolean;
+        } | undefined;
+    }>>, {
+        type: "referer" | "all" | "ctoken" | "any";
+        enable: boolean;
+        ignoreJSON: boolean;
+        cookieName: string | string[];
+        sessionName: string;
+        headerName: string;
+        bodyName: string | string[];
+        queryName: string | string[];
+        rotateWhenInvalid: boolean;
+        useSession: boolean;
+        supportedRequests: {
+            path: RegExp;
+            methods: string[];
+        }[];
+        refererWhiteList: string[];
+        cookieOptions: {
+            signed: boolean;
+            overwrite: boolean;
+            httpOnly: boolean;
+        };
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+    }, unknown>;
+    /**
+     * whether enable X-Frame-Options response header
+     */
+    xframe: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `true`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * X-Frame-Options value, can be `'DENY'`, `'SAMEORIGIN'`, `'ALLOW-FROM https://example.com'`
+         *
+         * Default to `'SAMEORIGIN'`
+         */
+        value: z.ZodDefault<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        value: string;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        value?: string | undefined;
+    }>>;
+    /**
+     * whether enable Strict-Transport-Security response header
+     */
+    hsts: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `false`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * Max age of Strict-Transport-Security in seconds
+         *
+         * Default to `365 * 24 * 3600`
+         */
+        maxAge: z.ZodDefault<z.ZodNumber>;
+        /**
+         * Whether include sub domains
+         *
+         * Default to `false`
+         */
+        includeSubdomains: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        maxAge: number;
+        includeSubdomains: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        maxAge?: number | undefined;
+        includeSubdomains?: boolean | undefined;
+    }>>;
+    /**
+     * whether enable Http Method filter
+     */
+    methodnoallow: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `true`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    }>>;
+    /**
+     * whether enable IE automatically download open
+     */
+    noopen: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `true`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    }>>;
+    /**
+     * whether enable IE8 automatically detect mime
+     */
+    nosniff: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `true`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    }>>;
+    /**
+     * whether enable IE8 XSS Filter
+     */
+    xssProtection: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `true`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * X-XSS-Protection response header value
+         *
+         * Default to `'1; mode=block'`
+         */
+        value: z.ZodDefault<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        value: string;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        value?: string | undefined;
+    }>>;
+    /**
+     * content security policy config
+     */
+    csp: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `false`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+        policy: z.ZodDefault<z.ZodRecord<z.ZodString, z.ZodUnion<[z.ZodString, z.ZodArray<z.ZodString, "many">, z.ZodBoolean]>>>;
+        /**
+         * whether enable report only mode
+         * Default to `undefined`
+         */
+        reportOnly: z.ZodOptional<z.ZodBoolean>;
+        /**
+         * whether support IE
+         * Default to `undefined`
+         */
+        supportIE: z.ZodOptional<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        policy: Record<string, string | boolean | string[]>;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        reportOnly?: boolean | undefined;
+        supportIE?: boolean | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        policy?: Record<string, string | boolean | string[]> | undefined;
+        reportOnly?: boolean | undefined;
+        supportIE?: boolean | undefined;
+    }>>;
+    /**
+     * whether enable referrer policy
+     * @see https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
+     */
+    referrerPolicy: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `false`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+        /**
+         * referrer policy value
+         *
+         * Default to `'no-referrer-when-downgrade'`
+         */
+        value: z.ZodDefault<z.ZodString>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        value: string;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        value?: string | undefined;
+    }>>;
+    /**
+     * whether enable auto avoid directory traversal attack
+     */
+    dta: z.ZodDefault<z.ZodObject<{
+        match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+        /**
+         * Default to `true`
+         */
+        enable: z.ZodDefault<z.ZodBoolean>;
+    }, "strip", z.ZodTypeAny, {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    }, {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    }>>;
+    ssrf: z.ZodDefault<z.ZodObject<{
+        ipBlackList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        ipExceptionList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        hostnameExceptionList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        checkAddress: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodUnion<[z.ZodString, z.ZodObject<{
+            address: z.ZodString;
+            family: z.ZodNumber;
+        }, "strip", z.ZodTypeAny, {
+            address: string;
+            family: number;
+        }, {
+            address: string;
+            family: number;
+        }>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodObject<{
+            address: z.ZodString;
+            family: z.ZodNumber;
+        }, "strip", z.ZodTypeAny, {
+            address: string;
+            family: number;
+        }, {
+            address: string;
+            family: number;
+        }>]>, "many">]>, z.ZodUnion<[z.ZodNumber, z.ZodString]>, z.ZodString], z.ZodUnknown>, z.ZodBoolean>>;
+    }, "strip", z.ZodTypeAny, {
+        ipBlackList?: string[] | undefined;
+        ipExceptionList?: string[] | undefined;
+        hostnameExceptionList?: string[] | undefined;
+        checkAddress?: ((args_0: string | {
+            address: string;
+            family: number;
+        } | (string | {
+            address: string;
+            family: number;
+        })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+    }, {
+        ipBlackList?: string[] | undefined;
+        ipExceptionList?: string[] | undefined;
+        hostnameExceptionList?: string[] | undefined;
+        checkAddress?: ((args_0: string | {
+            address: string;
+            family: number;
+        } | (string | {
+            address: string;
+            family: number;
+        })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+    }>>;
+    match: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    ignore: z.ZodOptional<z.ZodUnion<[z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, z.ZodArray<z.ZodUnion<[z.ZodString, z.ZodType<RegExp, z.ZodTypeDef, RegExp>, z.ZodFunction<z.ZodTuple<[z.ZodType<Context, z.ZodTypeDef, Context>], z.ZodUnknown>, z.ZodBoolean>]>, "many">]>>;
+    __protocolWhiteListSet: z.ZodReadonly<z.ZodOptional<z.ZodSet<z.ZodString>>>;
+}, "strip", z.ZodTypeAny, {
+    domainWhiteList: string[];
+    protocolWhiteList: string[];
+    csrf: {
+        type: "referer" | "all" | "ctoken" | "any";
+        enable: boolean;
+        ignoreJSON: boolean;
+        cookieName: string | string[];
+        sessionName: string;
+        headerName: string;
+        bodyName: string | string[];
+        queryName: string | string[];
+        rotateWhenInvalid: boolean;
+        useSession: boolean;
+        supportedRequests: {
+            path: RegExp;
+            methods: string[];
+        }[];
+        refererWhiteList: string[];
+        cookieOptions: {
+            signed: boolean;
+            overwrite: boolean;
+            httpOnly: boolean;
+        };
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+    };
+    hsts: {
+        enable: boolean;
+        maxAge: number;
+        includeSubdomains: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    methodnoallow: {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    noopen: {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    nosniff: {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    csp: {
+        enable: boolean;
+        policy: Record<string, string | boolean | string[]>;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        reportOnly?: boolean | undefined;
+        supportIE?: boolean | undefined;
+    };
+    xssProtection: {
+        enable: boolean;
+        value: string;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    xframe: {
+        enable: boolean;
+        value: string;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    dta: {
+        enable: boolean;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    defaultMiddleware: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[];
+    referrerPolicy: {
+        enable: boolean;
+        value: string;
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    };
+    ssrf: {
+        ipBlackList?: string[] | undefined;
+        ipExceptionList?: string[] | undefined;
+        hostnameExceptionList?: string[] | undefined;
+        checkAddress?: ((args_0: string | {
+            address: string;
+            family: number;
+        } | (string | {
+            address: string;
+            family: number;
+        })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+    };
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    __protocolWhiteListSet?: ReadonlySet<string> | undefined;
+}, {
+    match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+    domainWhiteList?: string[] | undefined;
+    protocolWhiteList?: string[] | undefined;
+    csrf?: unknown;
+    hsts?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        maxAge?: number | undefined;
+        includeSubdomains?: boolean | undefined;
+    } | undefined;
+    methodnoallow?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    } | undefined;
+    noopen?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    } | undefined;
+    nosniff?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    } | undefined;
+    csp?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        policy?: Record<string, string | boolean | string[]> | undefined;
+        reportOnly?: boolean | undefined;
+        supportIE?: boolean | undefined;
+    } | undefined;
+    xssProtection?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        value?: string | undefined;
+    } | undefined;
+    xframe?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        value?: string | undefined;
+    } | undefined;
+    dta?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+    } | undefined;
+    defaultMiddleware?: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[] | undefined;
+    referrerPolicy?: {
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        enable?: boolean | undefined;
+        value?: string | undefined;
+    } | undefined;
+    ssrf?: {
+        ipBlackList?: string[] | undefined;
+        ipExceptionList?: string[] | undefined;
+        hostnameExceptionList?: string[] | undefined;
+        checkAddress?: ((args_0: string | {
+            address: string;
+            family: number;
+        } | (string | {
+            address: string;
+            family: number;
+        })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+    } | undefined;
+    __protocolWhiteListSet?: ReadonlySet<string> | undefined;
+}>;
+export type SecurityConfig = z.infer<typeof SecurityConfig>;
+declare const SecurityHelperOnTagAttrHandler: z.ZodFunction<z.ZodTuple<[z.ZodString, z.ZodString, z.ZodString, z.ZodBoolean], z.ZodUnknown>, z.ZodUnion<[z.ZodString, z.ZodVoid]>>;
+/**
+ * (tag: string, name: string, value: string, isWhiteAttr: boolean) => string | void
+ */
+export type SecurityHelperOnTagAttrHandler = z.infer<typeof SecurityHelperOnTagAttrHandler>;
+export declare const SecurityHelperConfig: z.ZodObject<{
+    shtml: z.ZodDefault<z.ZodObject<{
+        /**
+         * tag attribute white list
+         */
+        whiteList: z.ZodOptional<z.ZodRecord<z.ZodString, z.ZodArray<z.ZodString, "many">>>;
+        /**
+         * domain white list
+         * @deprecated use `config.security.domainWhiteList` instead
+         */
+        domainWhiteList: z.ZodOptional<z.ZodArray<z.ZodString, "many">>;
+        /**
+         * tag attribute handler
+         */
+        onTagAttr: z.ZodOptional<z.ZodFunction<z.ZodTuple<[z.ZodString, z.ZodString, z.ZodString, z.ZodBoolean], z.ZodUnknown>, z.ZodUnion<[z.ZodString, z.ZodVoid]>>>;
+    }, "strip", z.ZodTypeAny, {
+        domainWhiteList?: string[] | undefined;
+        whiteList?: Record<string, string[]> | undefined;
+        onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+    }, {
+        domainWhiteList?: string[] | undefined;
+        whiteList?: Record<string, string[]> | undefined;
+        onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+    }>>;
+}, "strip", z.ZodTypeAny, {
+    shtml: {
+        domainWhiteList?: string[] | undefined;
+        whiteList?: Record<string, string[]> | undefined;
+        onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+    };
+}, {
+    shtml?: {
+        domainWhiteList?: string[] | undefined;
+        whiteList?: Record<string, string[]> | undefined;
+        onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+    } | undefined;
+}>;
+export type SecurityHelperConfig = z.infer<typeof SecurityHelperConfig>;
+declare const _default: {
+    security: {
+        domainWhiteList: string[];
+        protocolWhiteList: string[];
+        csrf: {
+            type: "referer" | "all" | "ctoken" | "any";
+            enable: boolean;
+            ignoreJSON: boolean;
+            cookieName: string | string[];
+            sessionName: string;
+            headerName: string;
+            bodyName: string | string[];
+            queryName: string | string[];
+            rotateWhenInvalid: boolean;
+            useSession: boolean;
+            supportedRequests: {
+                path: RegExp;
+                methods: string[];
+            }[];
+            refererWhiteList: string[];
+            cookieOptions: {
+                signed: boolean;
+                overwrite: boolean;
+                httpOnly: boolean;
+            };
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            cookieDomain?: string | ((args_0: Context, ...args: unknown[]) => string) | undefined;
+        };
+        hsts: {
+            enable: boolean;
+            maxAge: number;
+            includeSubdomains: boolean;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        methodnoallow: {
+            enable: boolean;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        noopen: {
+            enable: boolean;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        nosniff: {
+            enable: boolean;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        csp: {
+            enable: boolean;
+            policy: Record<string, string | boolean | string[]>;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            reportOnly?: boolean | undefined;
+            supportIE?: boolean | undefined;
+        };
+        xssProtection: {
+            enable: boolean;
+            value: string;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        xframe: {
+            enable: boolean;
+            value: string;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        dta: {
+            enable: boolean;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        defaultMiddleware: string | ("csrf" | "hsts" | "methodnoallow" | "noopen" | "nosniff" | "csp" | "xssProtection" | "xframe" | "dta")[];
+        referrerPolicy: {
+            enable: boolean;
+            value: string;
+            match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+            ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        };
+        ssrf: {
+            ipBlackList?: string[] | undefined;
+            ipExceptionList?: string[] | undefined;
+            hostnameExceptionList?: string[] | undefined;
+            checkAddress?: ((args_0: string | {
+                address: string;
+                family: number;
+            } | (string | {
+                address: string;
+                family: number;
+            })[], args_1: string | number, args_2: string, ...args: unknown[]) => boolean) | undefined;
+        };
+        match?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        ignore?: string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean) | (string | RegExp | ((args_0: Context, ...args: unknown[]) => boolean))[] | undefined;
+        __protocolWhiteListSet?: ReadonlySet<string> | undefined;
+    };
+    helper: {
+        shtml: {
+            domainWhiteList?: string[] | undefined;
+            whiteList?: Record<string, string[]> | undefined;
+            onTagAttr?: ((args_0: string, args_1: string, args_2: string, args_3: boolean, ...args: unknown[]) => string | void) | undefined;
+        };
+    };
+};
+export default _default;