npm - @middy/http-security-headers - Versions diffs - 3.0.0 → 3.0.3 - Mend

@middy/http-security-headers 3.0.0 → 3.0.3

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (4) hide show

package/LICENSE CHANGED Viewed

@@ -1,6 +1,6 @@
 MIT License
-Copyright (c) 2017-2022 Luciano Mammino, will Farrell and the [Middy team](https://github.com/middyjs/middy/graphs/contributors)
+Copyright (c) 2017-2022 [Luciano Mammino](https://github.com/lmammino), [will Farrell](https://github.com/willfarrell) and the [Middy team](https://github.com/middyjs/middy/graphs/contributors)
 Permission is hereby granted, free of charge, to any person obtaining a copy
 of this software and associated documentation files (the "Software"), to deal

package/README.md CHANGED Viewed

@@ -10,8 +10,8 @@
   <a href="https://packagephobia.com/result?p=@middy/http-security-headers">
     <img src="https://packagephobia.com/badge?p=@middy/http-security-headers" alt="npm install size" style="max-width:100%;">
   </a>
-  <a href="https://github.com/middyjs/middy/actions">
-    <img src="https://github.com/middyjs/middy/workflows/Tests/badge.svg" alt="GitHub Actions test status badge" style="max-width:100%;">
+  <a href="https://github.com/middyjs/middy/actions/workflows/tests.yml">
+    <img src="https://github.com/middyjs/middy/actions/workflows/tests.yml/badge.svg?branch=main&event=push" alt="GitHub Actions CI status badge" style="max-width:100%;">
   </a>
   <br/>
    <a href="https://standardjs.com/">
@@ -34,6 +34,7 @@
     <img src="https://img.shields.io/badge/StackOverflow-[middy]-yellow" alt="Ask questions on StackOverflow" style="max-width:100%;">
   </a>
 </p>
+<p>You can read the documentation at: <a href="https://middy.js.org/docs/middlewares//http-security-headers">https://middy.js.org/docs/middlewares//http-security-headers</a></p>
 </div>
 Applies best practice security headers to responses. It's a simplified port of HelmetJS. See [HelmetJS](https://helmetjs.github.io/) documentation for more details.
@@ -95,7 +96,7 @@ Everyone is very welcome to contribute to this repository. Feel free to [raise i
 ## License
-Licensed under [MIT License](LICENSE). Copyright (c) 2017-2022 Luciano Mammino, will Farrell, and the [Middy team](https://github.com/middyjs/middy/graphs/contributors).
+Licensed under [MIT License](LICENSE). Copyright (c) 2017-2022 [Luciano Mammino](https://github.com/lmammino), [will Farrell](https://github.com/willfarrell), and the [Middy team](https://github.com/middyjs/middy/graphs/contributors).
 <a href="https://app.fossa.io/projects/git%2Bgithub.com%2Fmiddyjs%2Fmiddy?ref=badge_large">
   <img src="https://app.fossa.io/api/projects/git%2Bgithub.com%2Fmiddyjs%2Fmiddy.svg?type=large" alt="FOSSA Status"  style="max-width:100%;">

package/index.cjs CHANGED Viewed

@@ -1,3 +1,3 @@
-"use strict";Object.defineProperty(exports,"__esModule",{value:true});exports.default=void 0;var _util=require("@middy/util");const defaults={contentSecurityPolicy:{"default-src":"'none'","base-uri":"'none'",sandbox:"","form-action":"'none'","frame-ancestors":"'none'","navigate-to":"'none'","report-to":"csp","require-trusted-types-for":"'script'","trusted-types":"'none'","upgrade-insecure-requests":""},contentTypeOptions:{action:"nosniff"},crossOriginEmbedderPolicy:{policy:"require-corp"},crossOriginOpenerPolicy:{policy:"same-origin"},crossOriginResourcePolicy:{policy:"same-origin"},dnsPrefetchControl:{allow:false},downloadOptions:{action:"noopen"},frameOptions:{action:"deny"},originAgentCluster:{},permissionsPolicy:{accelerometer:"","ambient-light-sensor":"",autoplay:"",battery:"",camera:"","cross-origin-isolated":"","display-capture":"","document-domain":"","encrypted-media":"","execution-while-not-rendered":"","execution-while-out-of-viewport":"",fullscreen:"",geolocation:"",gyroscope:"","keyboard-map":"",magnetometer:"",microphone:"",midi:"","navigation-override":"",payment:"","picture-in-picture":"","publickey-credentials-get":"","screen-wake-lock":"","sync-xhr":"",usb:"","web-share":"","xr-spatial-tracking":"","clipboard-read":"","clipboard-write":"",gamepad:"","speaker-selection":"","conversion-measurement":"","focus-without-user-activation":"",hid:"","idle-detection":"","interest-cohort":"",serial:"","sync-script":"","trust-token-redemption":"","window-placement":"","vertical-scroll":""},permittedCrossDomainPolicies:{policy:"none"},poweredBy:{server:""},referrerPolicy:{policy:"no-referrer"},reportTo:{maxAge:365*24*60*60,default:"",includeSubdomains:true,csp:"",staple:"",xss:""},strictTransportSecurity:{maxAge:180*24*60*60,includeSubDomains:true,preload:true},xssProtection:{reportTo:"xss"}};const helmet={};const helmetHtmlOnly={};helmetHtmlOnly.contentSecurityPolicy=(headers,config)=>{let header=Object.keys(config).map(policy=>config[policy]?`${policy} ${config[policy]}`:"").filter(str=>str).join("; ");if(config.sandbox===""){header+="; sandbox"}if(config["upgrade-insecure-requests"]===""){header+="; upgrade-insecure-requests"}headers["Content-Security-Policy"]=header};helmetHtmlOnly.crossOriginEmbedderPolicy=(headers,config)=>{headers["Cross-Origin-Embedder-Policy"]=config.policy};helmetHtmlOnly.crossOriginOpenerPolicy=(headers,config)=>{headers["Cross-Origin-Opener-Policy"]=config.policy};helmetHtmlOnly.crossOriginResourcePolicy=(headers,config)=>{headers["Cross-Origin-Resource-Policy"]=config.policy};helmetHtmlOnly.permissionsPolicy=(headers,config)=>{headers["Permissions-Policy"]=Object.keys(config).map(policy=>`${policy}=${config[policy]==="*"?"*":"("+config[policy]+")"}`).join(", ")};helmet.originAgentCluster=(headers,config)=>{headers["Origin-Agent-Cluster"]="?1"};helmet.referrerPolicy=(headers,config)=>{headers["Referrer-Policy"]=config.policy};helmetHtmlOnly.reportTo=(headers,config)=>{headers["Report-To"]=Object.keys(config).map(group=>{const includeSubdomains=group==="default"?`, "include_subdomains": ${config.includeSubdomains}`:"";return config[group]&&group!=="includeSubdomains"?`{ "group": "default", "max_age": ${config.maxAge}, "endpoints": [ { "url": "${config[group]}" } ]${includeSubdomains} }`:""}).filter(str=>str).join(", ")};helmet.strictTransportSecurity=(headers,config)=>{let header="max-age="+Math.round(config.maxAge);if(config.includeSubDomains){header+="; includeSubDomains"}if(config.preload){header+="; preload"}headers["Strict-Transport-Security"]=header};helmet.contentTypeOptions=(headers,config)=>{headers["X-Content-Type-Options"]=config.action};helmet.dnsPrefetchControl=(headers,config)=>{headers["X-DNS-Prefetch-Control"]=config.allow?"on":"off"};helmet.downloadOptions=(headers,config)=>{headers["X-Download-Options"]=config.action};helmetHtmlOnly.frameOptions=(headers,config)=>{headers["X-Frame-Options"]=config.action.toUpperCase()};helmet.permittedCrossDomainPolicies=(headers,config)=>{headers["X-Permitted-Cross-Domain-Policies"]=config.policy};helmet.poweredBy=(headers,config)=>{if(config.server){headers["X-Powered-By"]=config.server}else{delete headers.Server;delete headers["X-Powered-By"]}};helmetHtmlOnly.xssProtection=(headers,config)=>{let header="1; mode=block";if(config.reportTo){header+="; report="+config.reportTo}headers["X-XSS-Protection"]=header};const httpSecurityHeadersMiddleware=(opts={})=>{const options={...defaults,...opts};const httpSecurityHeadersMiddlewareAfter=async request=>{(0,_util).normalizeHttpResponse(request);Object.keys(helmet).forEach(key=>{if(!options[key])return;const config={...defaults[key],...options[key]};helmet[key](request.response.headers,config)});if(request.response.headers["Content-Type"]?.includes("text/html")){Object.keys(helmetHtmlOnly).forEach(key=>{if(!options[key])return;const config={...defaults[key],...options[key]};helmetHtmlOnly[key](request.response.headers,config)})}};const httpSecurityHeadersMiddlewareOnError=async request=>{if(request.response===undefined)return;return httpSecurityHeadersMiddlewareAfter(request)};return{after:httpSecurityHeadersMiddlewareAfter,onError:httpSecurityHeadersMiddlewareOnError}};var _default=httpSecurityHeadersMiddleware;exports.default=_default
+"use strict";Object.defineProperty(exports,"__esModule",{value:true});module.exports=void 0;var _util=require("@middy/util");const defaults={contentSecurityPolicy:{"default-src":"'none'","base-uri":"'none'",sandbox:"","form-action":"'none'","frame-ancestors":"'none'","navigate-to":"'none'","report-to":"csp","require-trusted-types-for":"'script'","trusted-types":"'none'","upgrade-insecure-requests":""},contentTypeOptions:{action:"nosniff"},crossOriginEmbedderPolicy:{policy:"require-corp"},crossOriginOpenerPolicy:{policy:"same-origin"},crossOriginResourcePolicy:{policy:"same-origin"},dnsPrefetchControl:{allow:false},downloadOptions:{action:"noopen"},frameOptions:{action:"deny"},originAgentCluster:{},permissionsPolicy:{accelerometer:"","ambient-light-sensor":"",autoplay:"",battery:"",camera:"","cross-origin-isolated":"","display-capture":"","document-domain":"","encrypted-media":"","execution-while-not-rendered":"","execution-while-out-of-viewport":"",fullscreen:"",geolocation:"",gyroscope:"","keyboard-map":"",magnetometer:"",microphone:"",midi:"","navigation-override":"",payment:"","picture-in-picture":"","publickey-credentials-get":"","screen-wake-lock":"","sync-xhr":"",usb:"","web-share":"","xr-spatial-tracking":"","clipboard-read":"","clipboard-write":"",gamepad:"","speaker-selection":"","conversion-measurement":"","focus-without-user-activation":"",hid:"","idle-detection":"","interest-cohort":"",serial:"","sync-script":"","trust-token-redemption":"","window-placement":"","vertical-scroll":""},permittedCrossDomainPolicies:{policy:"none"},poweredBy:{server:""},referrerPolicy:{policy:"no-referrer"},reportTo:{maxAge:365*24*60*60,default:"",includeSubdomains:true,csp:"",staple:"",xss:""},strictTransportSecurity:{maxAge:180*24*60*60,includeSubDomains:true,preload:true},xssProtection:{reportTo:"xss"}};const helmet={};const helmetHtmlOnly={};helmetHtmlOnly.contentSecurityPolicy=(headers,config)=>{let header=Object.keys(config).map(policy=>config[policy]?`${policy} ${config[policy]}`:"").filter(str=>str).join("; ");if(config.sandbox===""){header+="; sandbox"}if(config["upgrade-insecure-requests"]===""){header+="; upgrade-insecure-requests"}headers["Content-Security-Policy"]=header};helmetHtmlOnly.crossOriginEmbedderPolicy=(headers,config)=>{headers["Cross-Origin-Embedder-Policy"]=config.policy};helmetHtmlOnly.crossOriginOpenerPolicy=(headers,config)=>{headers["Cross-Origin-Opener-Policy"]=config.policy};helmetHtmlOnly.crossOriginResourcePolicy=(headers,config)=>{headers["Cross-Origin-Resource-Policy"]=config.policy};helmetHtmlOnly.permissionsPolicy=(headers,config)=>{headers["Permissions-Policy"]=Object.keys(config).map(policy=>`${policy}=${config[policy]==="*"?"*":"("+config[policy]+")"}`).join(", ")};helmet.originAgentCluster=(headers,config)=>{headers["Origin-Agent-Cluster"]="?1"};helmet.referrerPolicy=(headers,config)=>{headers["Referrer-Policy"]=config.policy};helmetHtmlOnly.reportTo=(headers,config)=>{headers["Report-To"]=Object.keys(config).map(group=>{const includeSubdomains=group==="default"?`, "include_subdomains": ${config.includeSubdomains}`:"";return config[group]&&group!=="includeSubdomains"?`{ "group": "default", "max_age": ${config.maxAge}, "endpoints": [ { "url": "${config[group]}" } ]${includeSubdomains} }`:""}).filter(str=>str).join(", ")};helmet.strictTransportSecurity=(headers,config)=>{let header="max-age="+Math.round(config.maxAge);if(config.includeSubDomains){header+="; includeSubDomains"}if(config.preload){header+="; preload"}headers["Strict-Transport-Security"]=header};helmet.contentTypeOptions=(headers,config)=>{headers["X-Content-Type-Options"]=config.action};helmet.dnsPrefetchControl=(headers,config)=>{headers["X-DNS-Prefetch-Control"]=config.allow?"on":"off"};helmet.downloadOptions=(headers,config)=>{headers["X-Download-Options"]=config.action};helmetHtmlOnly.frameOptions=(headers,config)=>{headers["X-Frame-Options"]=config.action.toUpperCase()};helmet.permittedCrossDomainPolicies=(headers,config)=>{headers["X-Permitted-Cross-Domain-Policies"]=config.policy};helmet.poweredBy=(headers,config)=>{if(config.server){headers["X-Powered-By"]=config.server}else{delete headers.Server;delete headers["X-Powered-By"]}};helmetHtmlOnly.xssProtection=(headers,config)=>{let header="1; mode=block";if(config.reportTo){header+="; report="+config.reportTo}headers["X-XSS-Protection"]=header};const httpSecurityHeadersMiddleware=(opts={})=>{const options={...defaults,...opts};const httpSecurityHeadersMiddlewareAfter=async request=>{(0,_util).normalizeHttpResponse(request);Object.keys(helmet).forEach(key=>{if(!options[key])return;const config={...defaults[key],...options[key]};helmet[key](request.response.headers,config)});if(request.response.headers["Content-Type"]?.includes("text/html")){Object.keys(helmetHtmlOnly).forEach(key=>{if(!options[key])return;const config={...defaults[key],...options[key]};helmetHtmlOnly[key](request.response.headers,config)})}};const httpSecurityHeadersMiddlewareOnError=async request=>{if(request.response===undefined)return;return httpSecurityHeadersMiddlewareAfter(request)};return{after:httpSecurityHeadersMiddlewareAfter,onError:httpSecurityHeadersMiddlewareOnError}};var _default=httpSecurityHeadersMiddleware;module.exports=_default
 //# sourceMappingURL=index.cjs.map

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@middy/http-security-headers",
-  "version": "3.0.0",
+  "version": "3.0.3",
   "description": "Applies best practice security headers to responses. It's a simplified port of HelmetJS",
   "type": "module",
   "engines": {
@@ -57,11 +57,11 @@
     "url": "https://github.com/middyjs/middy/issues"
   },
   "homepage": "https://middy.js.org",
-  "gitHead": "01520fa8628a36c2f89e126cad656a16547ea0d6",
+  "gitHead": "ea9e5e8cce754d0c467c7dd3ac9a7601149efea2",
   "dependencies": {
-    "@middy/util": "^3.0.0"
+    "@middy/util": "3.0.3"
   },
   "devDependencies": {
-    "@middy/core": "^3.0.0"
+    "@middy/core": "3.0.3"
   }
 }