npm - @middy/http-security-headers - Versions diffs - 3.0.0-alpha.6 → 3.0.0 - Mend

@middy/http-security-headers 3.0.0-alpha.6 → 3.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/README.md CHANGED Viewed

@@ -1,27 +1,37 @@
-# Middy http-security-headers middleware
-<div align="center">
-  <img alt="Middy logo" src="https://raw.githubusercontent.com/middyjs/middy/main/docs/img/middy-logo.png"/>
-</div>
 <div align="center">
+  <h1>Middy http-security-headers middleware</h1>
+  <img alt="Middy logo" src="https://raw.githubusercontent.com/middyjs/middy/main/docs/img/middy-logo.svg"/>
   <p><strong>HTTP security headers middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda</strong></p>
   <p>Applies best practice security headers to responses. It's a simplified port of [HelmetJS](https://helmetjs.github.io/). See HelmetJS documentation for more details.</p>
-</div>
-<div align="center">
 <p>
-  <a href="http://badge.fury.io/js/%40middy%2Fhttp-security-headers">
+  <a href="https://www.npmjs.com/package/@middy/http-security-headers?activeTab=versions">
     <img src="https://badge.fury.io/js/%40middy%2Fhttp-security-headers.svg" alt="npm version" style="max-width:100%;">
   </a>
+  <a href="https://packagephobia.com/result?p=@middy/http-security-headers">
+    <img src="https://packagephobia.com/badge?p=@middy/http-security-headers" alt="npm install size" style="max-width:100%;">
+  </a>
+  <a href="https://github.com/middyjs/middy/actions">
+    <img src="https://github.com/middyjs/middy/workflows/Tests/badge.svg" alt="GitHub Actions test status badge" style="max-width:100%;">
+  </a>
+  <br/>
+   <a href="https://standardjs.com/">
+    <img src="https://img.shields.io/badge/code_style-standard-brightgreen.svg" alt="Standard Code Style"  style="max-width:100%;">
+  </a>
   <a href="https://snyk.io/test/github/middyjs/middy">
     <img src="https://snyk.io/test/github/middyjs/middy/badge.svg" alt="Known Vulnerabilities" data-canonical-src="https://snyk.io/test/github/middyjs/middy" style="max-width:100%;">
   </a>
-  <a href="https://standardjs.com/">
-    <img src="https://img.shields.io/badge/code_style-standard-brightgreen.svg" alt="Standard Code Style"  style="max-width:100%;">
+  <a href="https://lgtm.com/projects/g/middyjs/middy/context:javascript">
+    <img src="https://img.shields.io/lgtm/grade/javascript/g/middyjs/middy.svg?logo=lgtm&logoWidth=18" alt="Language grade: JavaScript" style="max-width:100%;">
+  </a>
+  <a href="https://bestpractices.coreinfrastructure.org/projects/5280">
+    <img src="https://bestpractices.coreinfrastructure.org/projects/5280/badge" alt="Core Infrastructure Initiative (CII) Best Practices"  style="max-width:100%;">
   </a>
+  <br/>
   <a href="https://gitter.im/middyjs/Lobby">
-    <img src="https://badges.gitter.im/gitterHQ/gitter.svg" alt="Chat on Gitter"  style="max-width:100%;">
+    <img src="https://badges.gitter.im/gitterHQ/gitter.svg" alt="Chat on Gitter" style="max-width:100%;">
+  </a>
+  <a href="https://stackoverflow.com/questions/tagged/middy?sort=Newest&uqlId=35052">
+    <img src="https://img.shields.io/badge/StackOverflow-[middy]-yellow" alt="Ask questions on StackOverflow" style="max-width:100%;">
   </a>
 </p>
 </div>

package/index.cjs ADDED Viewed

@@ -0,0 +1,3 @@
+"use strict";Object.defineProperty(exports,"__esModule",{value:true});exports.default=void 0;var _util=require("@middy/util");const defaults={contentSecurityPolicy:{"default-src":"'none'","base-uri":"'none'",sandbox:"","form-action":"'none'","frame-ancestors":"'none'","navigate-to":"'none'","report-to":"csp","require-trusted-types-for":"'script'","trusted-types":"'none'","upgrade-insecure-requests":""},contentTypeOptions:{action:"nosniff"},crossOriginEmbedderPolicy:{policy:"require-corp"},crossOriginOpenerPolicy:{policy:"same-origin"},crossOriginResourcePolicy:{policy:"same-origin"},dnsPrefetchControl:{allow:false},downloadOptions:{action:"noopen"},frameOptions:{action:"deny"},originAgentCluster:{},permissionsPolicy:{accelerometer:"","ambient-light-sensor":"",autoplay:"",battery:"",camera:"","cross-origin-isolated":"","display-capture":"","document-domain":"","encrypted-media":"","execution-while-not-rendered":"","execution-while-out-of-viewport":"",fullscreen:"",geolocation:"",gyroscope:"","keyboard-map":"",magnetometer:"",microphone:"",midi:"","navigation-override":"",payment:"","picture-in-picture":"","publickey-credentials-get":"","screen-wake-lock":"","sync-xhr":"",usb:"","web-share":"","xr-spatial-tracking":"","clipboard-read":"","clipboard-write":"",gamepad:"","speaker-selection":"","conversion-measurement":"","focus-without-user-activation":"",hid:"","idle-detection":"","interest-cohort":"",serial:"","sync-script":"","trust-token-redemption":"","window-placement":"","vertical-scroll":""},permittedCrossDomainPolicies:{policy:"none"},poweredBy:{server:""},referrerPolicy:{policy:"no-referrer"},reportTo:{maxAge:365*24*60*60,default:"",includeSubdomains:true,csp:"",staple:"",xss:""},strictTransportSecurity:{maxAge:180*24*60*60,includeSubDomains:true,preload:true},xssProtection:{reportTo:"xss"}};const helmet={};const helmetHtmlOnly={};helmetHtmlOnly.contentSecurityPolicy=(headers,config)=>{let header=Object.keys(config).map(policy=>config[policy]?`${policy} ${config[policy]}`:"").filter(str=>str).join("; ");if(config.sandbox===""){header+="; sandbox"}if(config["upgrade-insecure-requests"]===""){header+="; upgrade-insecure-requests"}headers["Content-Security-Policy"]=header};helmetHtmlOnly.crossOriginEmbedderPolicy=(headers,config)=>{headers["Cross-Origin-Embedder-Policy"]=config.policy};helmetHtmlOnly.crossOriginOpenerPolicy=(headers,config)=>{headers["Cross-Origin-Opener-Policy"]=config.policy};helmetHtmlOnly.crossOriginResourcePolicy=(headers,config)=>{headers["Cross-Origin-Resource-Policy"]=config.policy};helmetHtmlOnly.permissionsPolicy=(headers,config)=>{headers["Permissions-Policy"]=Object.keys(config).map(policy=>`${policy}=${config[policy]==="*"?"*":"("+config[policy]+")"}`).join(", ")};helmet.originAgentCluster=(headers,config)=>{headers["Origin-Agent-Cluster"]="?1"};helmet.referrerPolicy=(headers,config)=>{headers["Referrer-Policy"]=config.policy};helmetHtmlOnly.reportTo=(headers,config)=>{headers["Report-To"]=Object.keys(config).map(group=>{const includeSubdomains=group==="default"?`, "include_subdomains": ${config.includeSubdomains}`:"";return config[group]&&group!=="includeSubdomains"?`{ "group": "default", "max_age": ${config.maxAge}, "endpoints": [ { "url": "${config[group]}" } ]${includeSubdomains} }`:""}).filter(str=>str).join(", ")};helmet.strictTransportSecurity=(headers,config)=>{let header="max-age="+Math.round(config.maxAge);if(config.includeSubDomains){header+="; includeSubDomains"}if(config.preload){header+="; preload"}headers["Strict-Transport-Security"]=header};helmet.contentTypeOptions=(headers,config)=>{headers["X-Content-Type-Options"]=config.action};helmet.dnsPrefetchControl=(headers,config)=>{headers["X-DNS-Prefetch-Control"]=config.allow?"on":"off"};helmet.downloadOptions=(headers,config)=>{headers["X-Download-Options"]=config.action};helmetHtmlOnly.frameOptions=(headers,config)=>{headers["X-Frame-Options"]=config.action.toUpperCase()};helmet.permittedCrossDomainPolicies=(headers,config)=>{headers["X-Permitted-Cross-Domain-Policies"]=config.policy};helmet.poweredBy=(headers,config)=>{if(config.server){headers["X-Powered-By"]=config.server}else{delete headers.Server;delete headers["X-Powered-By"]}};helmetHtmlOnly.xssProtection=(headers,config)=>{let header="1; mode=block";if(config.reportTo){header+="; report="+config.reportTo}headers["X-XSS-Protection"]=header};const httpSecurityHeadersMiddleware=(opts={})=>{const options={...defaults,...opts};const httpSecurityHeadersMiddlewareAfter=async request=>{(0,_util).normalizeHttpResponse(request);Object.keys(helmet).forEach(key=>{if(!options[key])return;const config={...defaults[key],...options[key]};helmet[key](request.response.headers,config)});if(request.response.headers["Content-Type"]?.includes("text/html")){Object.keys(helmetHtmlOnly).forEach(key=>{if(!options[key])return;const config={...defaults[key],...options[key]};helmetHtmlOnly[key](request.response.headers,config)})}};const httpSecurityHeadersMiddlewareOnError=async request=>{if(request.response===undefined)return;return httpSecurityHeadersMiddlewareAfter(request)};return{after:httpSecurityHeadersMiddlewareAfter,onError:httpSecurityHeadersMiddlewareOnError}};var _default=httpSecurityHeadersMiddleware;exports.default=_default
+//# sourceMappingURL=index.cjs.map

package/index.js CHANGED Viewed

@@ -1,243 +1,3 @@
-import { normalizeHttpResponse } from '@middy/util';
-const defaults = {
-  contentSecurityPolicy: {
-    'default-src': "'none'",
-    'base-uri': "'none'",
-    sandbox: '',
-    'form-action': "'none'",
-    'frame-ancestors': "'none'",
-    'navigate-to': "'none'",
-    'report-to': 'csp',
-    'require-trusted-types-for': "'script'",
-    'trusted-types': "'none'",
-    'upgrade-insecure-requests': ''
-  },
-  contentTypeOptions: {
-    action: 'nosniff'
-  },
-  crossOriginEmbedderPolicy: {
-    policy: 'require-corp'
-  },
-  crossOriginOpenerPolicy: {
-    policy: 'same-origin'
-  },
-  crossOriginResourcePolicy: {
-    policy: 'same-origin'
-  },
-  dnsPrefetchControl: {
-    allow: false
-  },
-  downloadOptions: {
-    action: 'noopen'
-  },
-  frameOptions: {
-    action: 'deny'
-  },
-  originAgentCluster: {},
-  permissionsPolicy: {
-    accelerometer: '',
-    'ambient-light-sensor': '',
-    autoplay: '',
-    battery: '',
-    camera: '',
-    'cross-origin-isolated': '',
-    'display-capture': '',
-    'document-domain': '',
-    'encrypted-media': '',
-    'execution-while-not-rendered': '',
-    'execution-while-out-of-viewport': '',
-    fullscreen: '',
-    geolocation: '',
-    gyroscope: '',
-    'keyboard-map': '',
-    magnetometer: '',
-    microphone: '',
-    midi: '',
-    'navigation-override': '',
-    payment: '',
-    'picture-in-picture': '',
-    'publickey-credentials-get': '',
-    'screen-wake-lock': '',
-    'sync-xhr': '',
-    usb: '',
-    'web-share': '',
-    'xr-spatial-tracking': '',
-    'clipboard-read': '',
-    'clipboard-write': '',
-    gamepad: '',
-    'speaker-selection': '',
-    'conversion-measurement': '',
-    'focus-without-user-activation': '',
-    hid: '',
-    'idle-detection': '',
-    'interest-cohort': '',
-    serial: '',
-    'sync-script': '',
-    'trust-token-redemption': '',
-    'window-placement': '',
-    'vertical-scroll': ''
-  },
-  permittedCrossDomainPolicies: {
-    policy: 'none'
-  },
-  poweredBy: {
-    server: ''
-  },
-  referrerPolicy: {
-    policy: 'no-referrer'
-  },
-  reportTo: {
-    maxAge: 365 * 24 * 60 * 60,
-    default: '',
-    includeSubdomains: true,
-    csp: '',
-    staple: '',
-    xss: ''
-  },
-  strictTransportSecurity: {
-    maxAge: 180 * 24 * 60 * 60,
-    includeSubDomains: true,
-    preload: true
-  },
-  xssProtection: {
-    reportTo: 'xss'
-  }
-};
-const helmet = {};
-const helmetHtmlOnly = {};
+import{normalizeHttpResponse}from"@middy/util";const defaults={contentSecurityPolicy:{"default-src":"'none'","base-uri":"'none'",sandbox:"","form-action":"'none'","frame-ancestors":"'none'","navigate-to":"'none'","report-to":"csp","require-trusted-types-for":"'script'","trusted-types":"'none'","upgrade-insecure-requests":""},contentTypeOptions:{action:"nosniff"},crossOriginEmbedderPolicy:{policy:"require-corp"},crossOriginOpenerPolicy:{policy:"same-origin"},crossOriginResourcePolicy:{policy:"same-origin"},dnsPrefetchControl:{allow:false},downloadOptions:{action:"noopen"},frameOptions:{action:"deny"},originAgentCluster:{},permissionsPolicy:{accelerometer:"","ambient-light-sensor":"",autoplay:"",battery:"",camera:"","cross-origin-isolated":"","display-capture":"","document-domain":"","encrypted-media":"","execution-while-not-rendered":"","execution-while-out-of-viewport":"",fullscreen:"",geolocation:"",gyroscope:"","keyboard-map":"",magnetometer:"",microphone:"",midi:"","navigation-override":"",payment:"","picture-in-picture":"","publickey-credentials-get":"","screen-wake-lock":"","sync-xhr":"",usb:"","web-share":"","xr-spatial-tracking":"","clipboard-read":"","clipboard-write":"",gamepad:"","speaker-selection":"","conversion-measurement":"","focus-without-user-activation":"",hid:"","idle-detection":"","interest-cohort":"",serial:"","sync-script":"","trust-token-redemption":"","window-placement":"","vertical-scroll":""},permittedCrossDomainPolicies:{policy:"none"},poweredBy:{server:""},referrerPolicy:{policy:"no-referrer"},reportTo:{maxAge:365*24*60*60,default:"",includeSubdomains:true,csp:"",staple:"",xss:""},strictTransportSecurity:{maxAge:180*24*60*60,includeSubDomains:true,preload:true},xssProtection:{reportTo:"xss"}};const helmet={};const helmetHtmlOnly={};helmetHtmlOnly.contentSecurityPolicy=(headers,config)=>{let header=Object.keys(config).map(policy=>config[policy]?`${policy} ${config[policy]}`:"").filter(str=>str).join("; ");if(config.sandbox===""){header+="; sandbox"}if(config["upgrade-insecure-requests"]===""){header+="; upgrade-insecure-requests"}headers["Content-Security-Policy"]=header};helmetHtmlOnly.crossOriginEmbedderPolicy=(headers,config)=>{headers["Cross-Origin-Embedder-Policy"]=config.policy};helmetHtmlOnly.crossOriginOpenerPolicy=(headers,config)=>{headers["Cross-Origin-Opener-Policy"]=config.policy};helmetHtmlOnly.crossOriginResourcePolicy=(headers,config)=>{headers["Cross-Origin-Resource-Policy"]=config.policy};helmetHtmlOnly.permissionsPolicy=(headers,config)=>{headers["Permissions-Policy"]=Object.keys(config).map(policy=>`${policy}=${config[policy]==="*"?"*":"("+config[policy]+")"}`).join(", ")};helmet.originAgentCluster=(headers,config)=>{headers["Origin-Agent-Cluster"]="?1"};helmet.referrerPolicy=(headers,config)=>{headers["Referrer-Policy"]=config.policy};helmetHtmlOnly.reportTo=(headers,config)=>{headers["Report-To"]=Object.keys(config).map(group=>{const includeSubdomains=group==="default"?`, "include_subdomains": ${config.includeSubdomains}`:"";return config[group]&&group!=="includeSubdomains"?`{ "group": "default", "max_age": ${config.maxAge}, "endpoints": [ { "url": "${config[group]}" } ]${includeSubdomains} }`:""}).filter(str=>str).join(", ")};helmet.strictTransportSecurity=(headers,config)=>{let header="max-age="+Math.round(config.maxAge);if(config.includeSubDomains){header+="; includeSubDomains"}if(config.preload){header+="; preload"}headers["Strict-Transport-Security"]=header};helmet.contentTypeOptions=(headers,config)=>{headers["X-Content-Type-Options"]=config.action};helmet.dnsPrefetchControl=(headers,config)=>{headers["X-DNS-Prefetch-Control"]=config.allow?"on":"off"};helmet.downloadOptions=(headers,config)=>{headers["X-Download-Options"]=config.action};helmetHtmlOnly.frameOptions=(headers,config)=>{headers["X-Frame-Options"]=config.action.toUpperCase()};helmet.permittedCrossDomainPolicies=(headers,config)=>{headers["X-Permitted-Cross-Domain-Policies"]=config.policy};helmet.poweredBy=(headers,config)=>{if(config.server){headers["X-Powered-By"]=config.server}else{delete headers.Server;delete headers["X-Powered-By"]}};helmetHtmlOnly.xssProtection=(headers,config)=>{let header="1; mode=block";if(config.reportTo){header+="; report="+config.reportTo}headers["X-XSS-Protection"]=header};const httpSecurityHeadersMiddleware=(opts={})=>{const options={...defaults,...opts};const httpSecurityHeadersMiddlewareAfter=async request=>{normalizeHttpResponse(request);Object.keys(helmet).forEach(key=>{if(!options[key])return;const config={...defaults[key],...options[key]};helmet[key](request.response.headers,config)});if(request.response.headers["Content-Type"]?.includes("text/html")){Object.keys(helmetHtmlOnly).forEach(key=>{if(!options[key])return;const config={...defaults[key],...options[key]};helmetHtmlOnly[key](request.response.headers,config)})}};const httpSecurityHeadersMiddlewareOnError=async request=>{if(request.response===undefined)return;return httpSecurityHeadersMiddlewareAfter(request)};return{after:httpSecurityHeadersMiddlewareAfter,onError:httpSecurityHeadersMiddlewareOnError}};export default httpSecurityHeadersMiddleware
-helmetHtmlOnly.contentSecurityPolicy = (headers, config) => {
-  let header = Object.keys(config).map(policy => config[policy] ? `${policy} ${config[policy]}` : '').filter(str => str).join('; ');
-  if (config.sandbox === '') {
-    header += '; sandbox';
-  }
-  if (config['upgrade-insecure-requests'] === '') {
-    header += '; upgrade-insecure-requests';
-  }
-  headers['Content-Security-Policy'] = header;
-};
-helmetHtmlOnly.crossOriginEmbedderPolicy = (headers, config) => {
-  headers['Cross-Origin-Embedder-Policy'] = config.policy;
-};
-helmetHtmlOnly.crossOriginOpenerPolicy = (headers, config) => {
-  headers['Cross-Origin-Opener-Policy'] = config.policy;
-};
-helmetHtmlOnly.crossOriginResourcePolicy = (headers, config) => {
-  headers['Cross-Origin-Resource-Policy'] = config.policy;
-};
-helmetHtmlOnly.permissionsPolicy = (headers, config) => {
-  headers['Permissions-Policy'] = Object.keys(config).map(policy => `${policy}=${config[policy] === '*' ? '*' : `(${config[policy]})`}`).join(', ');
-};
-helmet.originAgentCluster = (headers, config) => {
-  headers['Origin-Agent-Cluster'] = '?1';
-};
-helmet.referrerPolicy = (headers, config) => {
-  headers['Referrer-Policy'] = config.policy;
-};
-helmetHtmlOnly.reportTo = (headers, config) => {
-  headers['Report-To'] = Object.keys(config).map(group => config[group] && group !== 'includeSubdomains' ? `{ "group": "default", "max_age": ${config.maxAge}, "endpoints": [ { "url": "${config[group]}" } ]${group === 'default' ? `, "include_subdomains": ${config.includeSubdomains}` : ''} }` : '').filter(str => str).join(', ');
-};
-helmet.strictTransportSecurity = (headers, config) => {
-  let header = 'max-age=' + Math.round(config.maxAge);
-  if (config.includeSubDomains) {
-    header += '; includeSubDomains';
-  }
-  if (config.preload) {
-    header += '; preload';
-  }
-  headers['Strict-Transport-Security'] = header;
-};
-helmet.contentTypeOptions = (headers, config) => {
-  headers['X-Content-Type-Options'] = config.action;
-};
-helmet.dnsPrefetchControl = (headers, config) => {
-  headers['X-DNS-Prefetch-Control'] = config.allow ? 'on' : 'off';
-};
-helmet.downloadOptions = (headers, config) => {
-  headers['X-Download-Options'] = config.action;
-};
-helmetHtmlOnly.frameOptions = (headers, config) => {
-  headers['X-Frame-Options'] = config.action.toUpperCase();
-};
-helmet.permittedCrossDomainPolicies = (headers, config) => {
-  headers['X-Permitted-Cross-Domain-Policies'] = config.policy;
-};
-helmet.poweredBy = (headers, config) => {
-  if (config.server) {
-    headers['X-Powered-By'] = config.server;
-  } else {
-    delete headers.Server;
-    delete headers['X-Powered-By'];
-  }
-};
-helmetHtmlOnly.xssProtection = (headers, config) => {
-  let header = '1; mode=block';
-  if (config.reportTo) {
-    header += '; report=' + config.reportTo;
-  }
-  headers['X-XSS-Protection'] = header;
-};
-const httpSecurityHeadersMiddleware = (opts = {}) => {
-  const options = { ...defaults,
-    ...opts
-  };
-  const httpSecurityHeadersMiddlewareAfter = async request => {
-    var _request$response$hea;
-    normalizeHttpResponse(request);
-    Object.keys(helmet).forEach(key => {
-      if (!options[key]) return;
-      const config = { ...defaults[key],
-        ...options[key]
-      };
-      helmet[key](request.response.headers, config);
-    });
-    if ((_request$response$hea = request.response.headers['Content-Type']) !== null && _request$response$hea !== void 0 && _request$response$hea.includes('text/html')) {
-      Object.keys(helmetHtmlOnly).forEach(key => {
-        if (!options[key]) return;
-        const config = { ...defaults[key],
-          ...options[key]
-        };
-        helmetHtmlOnly[key](request.response.headers, config);
-      });
-    }
-  };
-  const httpSecurityHeadersMiddlewareOnError = async request => {
-    if (request.response === undefined) return;
-    return httpSecurityHeadersMiddlewareAfter(request);
-  };
-  return {
-    after: httpSecurityHeadersMiddlewareAfter,
-    onError: httpSecurityHeadersMiddlewareOnError
-  };
-};
-export default httpSecurityHeadersMiddleware;
+//# sourceMappingURL=index.js.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@middy/http-security-headers",
-  "version": "3.0.0-alpha.6",
+  "version": "3.0.0",
   "description": "Applies best practice security headers to responses. It's a simplified port of HelmetJS",
   "type": "module",
   "engines": {
@@ -10,10 +10,17 @@
   "publishConfig": {
     "access": "public"
   },
-  "exports": "./index.js",
+  "exports": {
+    ".": {
+      "import": "./index.js",
+      "require": "./index.cjs",
+      "types": "./index.d.ts"
+    }
+  },
   "types": "index.d.ts",
   "files": [
     "index.js",
+    "index.cjs",
     "index.d.ts"
   ],
   "scripts": {
@@ -49,12 +56,12 @@
   "bugs": {
     "url": "https://github.com/middyjs/middy/issues"
   },
-  "homepage": "https://github.com/middyjs/middy#readme",
-  "gitHead": "176660ed3e0716d6bfb635c77251b301e0e24720",
+  "homepage": "https://middy.js.org",
+  "gitHead": "01520fa8628a36c2f89e126cad656a16547ea0d6",
   "dependencies": {
-    "@middy/util": "^3.0.0-alpha.6"
+    "@middy/util": "^3.0.0"
   },
   "devDependencies": {
-    "@middy/core": "^3.0.0-alpha.6"
+    "@middy/core": "^3.0.0"
   }
 }