@middy/http-security-headers 3.1.1 → 3.2.2
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- package/index.cjs +7 -5
- package/index.d.ts +27 -1
- package/package.json +4 -4
package/index.cjs
CHANGED
|
@@ -2,8 +2,11 @@
|
|
|
2
2
|
Object.defineProperty(exports, "__esModule", {
|
|
3
3
|
value: true
|
|
4
4
|
});
|
|
5
|
-
module
|
|
6
|
-
|
|
5
|
+
Object.defineProperty(module, "exports", {
|
|
6
|
+
enumerable: true,
|
|
7
|
+
get: ()=>_default
|
|
8
|
+
});
|
|
9
|
+
const _util = require("@middy/util");
|
|
7
10
|
const defaults = {
|
|
8
11
|
contentSecurityPolicy: {
|
|
9
12
|
'default-src': "'none'",
|
|
@@ -190,7 +193,7 @@ const httpSecurityHeadersMiddleware = (opts = {})=>{
|
|
|
190
193
|
...opts
|
|
191
194
|
};
|
|
192
195
|
const httpSecurityHeadersMiddlewareAfter = async (request)=>{
|
|
193
|
-
(0, _util
|
|
196
|
+
(0, _util.normalizeHttpResponse)(request);
|
|
194
197
|
Object.keys(helmet).forEach((key)=>{
|
|
195
198
|
if (!options[key]) return;
|
|
196
199
|
const config = {
|
|
@@ -219,8 +222,7 @@ const httpSecurityHeadersMiddleware = (opts = {})=>{
|
|
|
219
222
|
onError: httpSecurityHeadersMiddlewareOnError
|
|
220
223
|
};
|
|
221
224
|
};
|
|
222
|
-
|
|
223
|
-
module.exports = _default;
|
|
225
|
+
const _default = httpSecurityHeadersMiddleware;
|
|
224
226
|
|
|
225
227
|
|
|
226
228
|
//# sourceMappingURL=index.cjs.map
|
package/index.d.ts
CHANGED
|
@@ -28,8 +28,34 @@ interface Options {
|
|
|
28
28
|
xssProtection?: {
|
|
29
29
|
reportUri?: string
|
|
30
30
|
}
|
|
31
|
+
contentSecurityPolicy?: Record<string, string>
|
|
32
|
+
crossOriginEmbedderPolicy?: {
|
|
33
|
+
policy?: string
|
|
34
|
+
}
|
|
35
|
+
crossOriginOpenerPolicy?: {
|
|
36
|
+
policy?: string
|
|
37
|
+
}
|
|
38
|
+
crossOriginResourcePolicy?: {
|
|
39
|
+
policy?: string
|
|
40
|
+
}
|
|
41
|
+
permissionsPolicy?: Record<string, string>
|
|
42
|
+
permittedCrossDomainPolicies?: {
|
|
43
|
+
policy?: string
|
|
44
|
+
}
|
|
45
|
+
reportTo?: {
|
|
46
|
+
maxAge?: number
|
|
47
|
+
default?: string
|
|
48
|
+
includeSubdomains?: boolean
|
|
49
|
+
csp?: string
|
|
50
|
+
staple?: string
|
|
51
|
+
xss?: string
|
|
52
|
+
}
|
|
31
53
|
}
|
|
32
54
|
|
|
33
|
-
|
|
55
|
+
type WithFalseValues<T> = { [K in keyof T]: T[K] | false }
|
|
56
|
+
|
|
57
|
+
declare function httpSecurityHeaders (
|
|
58
|
+
options?: WithFalseValues<Options>
|
|
59
|
+
): middy.MiddlewareObj
|
|
34
60
|
|
|
35
61
|
export default httpSecurityHeaders
|
package/package.json
CHANGED
|
@@ -1,6 +1,6 @@
|
|
|
1
1
|
{
|
|
2
2
|
"name": "@middy/http-security-headers",
|
|
3
|
-
"version": "3.
|
|
3
|
+
"version": "3.2.2",
|
|
4
4
|
"description": "Applies best practice security headers to responses. It's a simplified port of HelmetJS",
|
|
5
5
|
"type": "module",
|
|
6
6
|
"engines": {
|
|
@@ -64,11 +64,11 @@
|
|
|
64
64
|
"url": "https://github.com/middyjs/middy/issues"
|
|
65
65
|
},
|
|
66
66
|
"homepage": "https://middy.js.org",
|
|
67
|
-
"gitHead": "
|
|
67
|
+
"gitHead": "4c960a361cc8844f7b2e6202d9544c852366fb01",
|
|
68
68
|
"dependencies": {
|
|
69
|
-
"@middy/util": "3.
|
|
69
|
+
"@middy/util": "3.2.2"
|
|
70
70
|
},
|
|
71
71
|
"devDependencies": {
|
|
72
|
-
"@middy/core": "3.
|
|
72
|
+
"@middy/core": "3.2.2"
|
|
73
73
|
}
|
|
74
74
|
}
|