@middy/http-security-headers 3.0.0-alpha.7 → 3.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.cjs +3 -0
- package/index.js +1 -1
- package/package.json +13 -6
package/index.cjs
ADDED
|
@@ -0,0 +1,3 @@
|
|
|
1
|
+
"use strict";Object.defineProperty(exports,"__esModule",{value:true});exports.default=void 0;var _util=require("@middy/util");const defaults={contentSecurityPolicy:{"default-src":"'none'","base-uri":"'none'",sandbox:"","form-action":"'none'","frame-ancestors":"'none'","navigate-to":"'none'","report-to":"csp","require-trusted-types-for":"'script'","trusted-types":"'none'","upgrade-insecure-requests":""},contentTypeOptions:{action:"nosniff"},crossOriginEmbedderPolicy:{policy:"require-corp"},crossOriginOpenerPolicy:{policy:"same-origin"},crossOriginResourcePolicy:{policy:"same-origin"},dnsPrefetchControl:{allow:false},downloadOptions:{action:"noopen"},frameOptions:{action:"deny"},originAgentCluster:{},permissionsPolicy:{accelerometer:"","ambient-light-sensor":"",autoplay:"",battery:"",camera:"","cross-origin-isolated":"","display-capture":"","document-domain":"","encrypted-media":"","execution-while-not-rendered":"","execution-while-out-of-viewport":"",fullscreen:"",geolocation:"",gyroscope:"","keyboard-map":"",magnetometer:"",microphone:"",midi:"","navigation-override":"",payment:"","picture-in-picture":"","publickey-credentials-get":"","screen-wake-lock":"","sync-xhr":"",usb:"","web-share":"","xr-spatial-tracking":"","clipboard-read":"","clipboard-write":"",gamepad:"","speaker-selection":"","conversion-measurement":"","focus-without-user-activation":"",hid:"","idle-detection":"","interest-cohort":"",serial:"","sync-script":"","trust-token-redemption":"","window-placement":"","vertical-scroll":""},permittedCrossDomainPolicies:{policy:"none"},poweredBy:{server:""},referrerPolicy:{policy:"no-referrer"},reportTo:{maxAge:365*24*60*60,default:"",includeSubdomains:true,csp:"",staple:"",xss:""},strictTransportSecurity:{maxAge:180*24*60*60,includeSubDomains:true,preload:true},xssProtection:{reportTo:"xss"}};const helmet={};const helmetHtmlOnly={};helmetHtmlOnly.contentSecurityPolicy=(headers,config)=>{let header=Object.keys(config).map(policy=>config[policy]?`${policy} ${config[policy]}`:"").filter(str=>str).join("; ");if(config.sandbox===""){header+="; sandbox"}if(config["upgrade-insecure-requests"]===""){header+="; upgrade-insecure-requests"}headers["Content-Security-Policy"]=header};helmetHtmlOnly.crossOriginEmbedderPolicy=(headers,config)=>{headers["Cross-Origin-Embedder-Policy"]=config.policy};helmetHtmlOnly.crossOriginOpenerPolicy=(headers,config)=>{headers["Cross-Origin-Opener-Policy"]=config.policy};helmetHtmlOnly.crossOriginResourcePolicy=(headers,config)=>{headers["Cross-Origin-Resource-Policy"]=config.policy};helmetHtmlOnly.permissionsPolicy=(headers,config)=>{headers["Permissions-Policy"]=Object.keys(config).map(policy=>`${policy}=${config[policy]==="*"?"*":"("+config[policy]+")"}`).join(", ")};helmet.originAgentCluster=(headers,config)=>{headers["Origin-Agent-Cluster"]="?1"};helmet.referrerPolicy=(headers,config)=>{headers["Referrer-Policy"]=config.policy};helmetHtmlOnly.reportTo=(headers,config)=>{headers["Report-To"]=Object.keys(config).map(group=>{const includeSubdomains=group==="default"?`, "include_subdomains": ${config.includeSubdomains}`:"";return config[group]&&group!=="includeSubdomains"?`{ "group": "default", "max_age": ${config.maxAge}, "endpoints": [ { "url": "${config[group]}" } ]${includeSubdomains} }`:""}).filter(str=>str).join(", ")};helmet.strictTransportSecurity=(headers,config)=>{let header="max-age="+Math.round(config.maxAge);if(config.includeSubDomains){header+="; includeSubDomains"}if(config.preload){header+="; preload"}headers["Strict-Transport-Security"]=header};helmet.contentTypeOptions=(headers,config)=>{headers["X-Content-Type-Options"]=config.action};helmet.dnsPrefetchControl=(headers,config)=>{headers["X-DNS-Prefetch-Control"]=config.allow?"on":"off"};helmet.downloadOptions=(headers,config)=>{headers["X-Download-Options"]=config.action};helmetHtmlOnly.frameOptions=(headers,config)=>{headers["X-Frame-Options"]=config.action.toUpperCase()};helmet.permittedCrossDomainPolicies=(headers,config)=>{headers["X-Permitted-Cross-Domain-Policies"]=config.policy};helmet.poweredBy=(headers,config)=>{if(config.server){headers["X-Powered-By"]=config.server}else{delete headers.Server;delete headers["X-Powered-By"]}};helmetHtmlOnly.xssProtection=(headers,config)=>{let header="1; mode=block";if(config.reportTo){header+="; report="+config.reportTo}headers["X-XSS-Protection"]=header};const httpSecurityHeadersMiddleware=(opts={})=>{const options={...defaults,...opts};const httpSecurityHeadersMiddlewareAfter=async request=>{(0,_util).normalizeHttpResponse(request);Object.keys(helmet).forEach(key=>{if(!options[key])return;const config={...defaults[key],...options[key]};helmet[key](request.response.headers,config)});if(request.response.headers["Content-Type"]?.includes("text/html")){Object.keys(helmetHtmlOnly).forEach(key=>{if(!options[key])return;const config={...defaults[key],...options[key]};helmetHtmlOnly[key](request.response.headers,config)})}};const httpSecurityHeadersMiddlewareOnError=async request=>{if(request.response===undefined)return;return httpSecurityHeadersMiddlewareAfter(request)};return{after:httpSecurityHeadersMiddlewareAfter,onError:httpSecurityHeadersMiddlewareOnError}};var _default=httpSecurityHeadersMiddleware;exports.default=_default
|
|
2
|
+
|
|
3
|
+
//# sourceMappingURL=index.cjs.map
|
package/index.js
CHANGED
|
@@ -1,3 +1,3 @@
|
|
|
1
|
-
import{normalizeHttpResponse}from
|
|
1
|
+
import{normalizeHttpResponse}from"@middy/util";const defaults={contentSecurityPolicy:{"default-src":"'none'","base-uri":"'none'",sandbox:"","form-action":"'none'","frame-ancestors":"'none'","navigate-to":"'none'","report-to":"csp","require-trusted-types-for":"'script'","trusted-types":"'none'","upgrade-insecure-requests":""},contentTypeOptions:{action:"nosniff"},crossOriginEmbedderPolicy:{policy:"require-corp"},crossOriginOpenerPolicy:{policy:"same-origin"},crossOriginResourcePolicy:{policy:"same-origin"},dnsPrefetchControl:{allow:false},downloadOptions:{action:"noopen"},frameOptions:{action:"deny"},originAgentCluster:{},permissionsPolicy:{accelerometer:"","ambient-light-sensor":"",autoplay:"",battery:"",camera:"","cross-origin-isolated":"","display-capture":"","document-domain":"","encrypted-media":"","execution-while-not-rendered":"","execution-while-out-of-viewport":"",fullscreen:"",geolocation:"",gyroscope:"","keyboard-map":"",magnetometer:"",microphone:"",midi:"","navigation-override":"",payment:"","picture-in-picture":"","publickey-credentials-get":"","screen-wake-lock":"","sync-xhr":"",usb:"","web-share":"","xr-spatial-tracking":"","clipboard-read":"","clipboard-write":"",gamepad:"","speaker-selection":"","conversion-measurement":"","focus-without-user-activation":"",hid:"","idle-detection":"","interest-cohort":"",serial:"","sync-script":"","trust-token-redemption":"","window-placement":"","vertical-scroll":""},permittedCrossDomainPolicies:{policy:"none"},poweredBy:{server:""},referrerPolicy:{policy:"no-referrer"},reportTo:{maxAge:365*24*60*60,default:"",includeSubdomains:true,csp:"",staple:"",xss:""},strictTransportSecurity:{maxAge:180*24*60*60,includeSubDomains:true,preload:true},xssProtection:{reportTo:"xss"}};const helmet={};const helmetHtmlOnly={};helmetHtmlOnly.contentSecurityPolicy=(headers,config)=>{let header=Object.keys(config).map(policy=>config[policy]?`${policy} ${config[policy]}`:"").filter(str=>str).join("; ");if(config.sandbox===""){header+="; sandbox"}if(config["upgrade-insecure-requests"]===""){header+="; upgrade-insecure-requests"}headers["Content-Security-Policy"]=header};helmetHtmlOnly.crossOriginEmbedderPolicy=(headers,config)=>{headers["Cross-Origin-Embedder-Policy"]=config.policy};helmetHtmlOnly.crossOriginOpenerPolicy=(headers,config)=>{headers["Cross-Origin-Opener-Policy"]=config.policy};helmetHtmlOnly.crossOriginResourcePolicy=(headers,config)=>{headers["Cross-Origin-Resource-Policy"]=config.policy};helmetHtmlOnly.permissionsPolicy=(headers,config)=>{headers["Permissions-Policy"]=Object.keys(config).map(policy=>`${policy}=${config[policy]==="*"?"*":"("+config[policy]+")"}`).join(", ")};helmet.originAgentCluster=(headers,config)=>{headers["Origin-Agent-Cluster"]="?1"};helmet.referrerPolicy=(headers,config)=>{headers["Referrer-Policy"]=config.policy};helmetHtmlOnly.reportTo=(headers,config)=>{headers["Report-To"]=Object.keys(config).map(group=>{const includeSubdomains=group==="default"?`, "include_subdomains": ${config.includeSubdomains}`:"";return config[group]&&group!=="includeSubdomains"?`{ "group": "default", "max_age": ${config.maxAge}, "endpoints": [ { "url": "${config[group]}" } ]${includeSubdomains} }`:""}).filter(str=>str).join(", ")};helmet.strictTransportSecurity=(headers,config)=>{let header="max-age="+Math.round(config.maxAge);if(config.includeSubDomains){header+="; includeSubDomains"}if(config.preload){header+="; preload"}headers["Strict-Transport-Security"]=header};helmet.contentTypeOptions=(headers,config)=>{headers["X-Content-Type-Options"]=config.action};helmet.dnsPrefetchControl=(headers,config)=>{headers["X-DNS-Prefetch-Control"]=config.allow?"on":"off"};helmet.downloadOptions=(headers,config)=>{headers["X-Download-Options"]=config.action};helmetHtmlOnly.frameOptions=(headers,config)=>{headers["X-Frame-Options"]=config.action.toUpperCase()};helmet.permittedCrossDomainPolicies=(headers,config)=>{headers["X-Permitted-Cross-Domain-Policies"]=config.policy};helmet.poweredBy=(headers,config)=>{if(config.server){headers["X-Powered-By"]=config.server}else{delete headers.Server;delete headers["X-Powered-By"]}};helmetHtmlOnly.xssProtection=(headers,config)=>{let header="1; mode=block";if(config.reportTo){header+="; report="+config.reportTo}headers["X-XSS-Protection"]=header};const httpSecurityHeadersMiddleware=(opts={})=>{const options={...defaults,...opts};const httpSecurityHeadersMiddlewareAfter=async request=>{normalizeHttpResponse(request);Object.keys(helmet).forEach(key=>{if(!options[key])return;const config={...defaults[key],...options[key]};helmet[key](request.response.headers,config)});if(request.response.headers["Content-Type"]?.includes("text/html")){Object.keys(helmetHtmlOnly).forEach(key=>{if(!options[key])return;const config={...defaults[key],...options[key]};helmetHtmlOnly[key](request.response.headers,config)})}};const httpSecurityHeadersMiddlewareOnError=async request=>{if(request.response===undefined)return;return httpSecurityHeadersMiddlewareAfter(request)};return{after:httpSecurityHeadersMiddlewareAfter,onError:httpSecurityHeadersMiddlewareOnError}};export default httpSecurityHeadersMiddleware
|
|
2
2
|
|
|
3
3
|
//# sourceMappingURL=index.js.map
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@middy/http-security-headers",
|
|
3
|
-
"version": "3.0.
|
|
3
|
+
"version": "3.0.1",
|
|
4
4
|
"description": "Applies best practice security headers to responses. It's a simplified port of HelmetJS",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"engines": {
|
|
@@ -10,10 +10,17 @@
|
|
|
10
10
|
"publishConfig": {
|
|
11
11
|
"access": "public"
|
|
12
12
|
},
|
|
13
|
-
"exports":
|
|
13
|
+
"exports": {
|
|
14
|
+
".": {
|
|
15
|
+
"import": "./index.js",
|
|
16
|
+
"require": "./index.cjs",
|
|
17
|
+
"types": "./index.d.ts"
|
|
18
|
+
}
|
|
19
|
+
},
|
|
14
20
|
"types": "index.d.ts",
|
|
15
21
|
"files": [
|
|
16
22
|
"index.js",
|
|
23
|
+
"index.cjs",
|
|
17
24
|
"index.d.ts"
|
|
18
25
|
],
|
|
19
26
|
"scripts": {
|
|
@@ -49,12 +56,12 @@
|
|
|
49
56
|
"bugs": {
|
|
50
57
|
"url": "https://github.com/middyjs/middy/issues"
|
|
51
58
|
},
|
|
52
|
-
"homepage": "https://
|
|
53
|
-
"gitHead": "
|
|
59
|
+
"homepage": "https://middy.js.org",
|
|
60
|
+
"gitHead": "797455e2c2be445867bc03597e0a2d5b0560c9de",
|
|
54
61
|
"dependencies": {
|
|
55
|
-
"@middy/util": "^3.0.
|
|
62
|
+
"@middy/util": "^3.0.1"
|
|
56
63
|
},
|
|
57
64
|
"devDependencies": {
|
|
58
|
-
"@middy/core": "^3.0.
|
|
65
|
+
"@middy/core": "^3.0.1"
|
|
59
66
|
}
|
|
60
67
|
}
|