npm - @middy/http-security-headers - Versions diffs - 4.0.0 → 4.0.1 - Mend

@middy/http-security-headers 4.0.0 → 4.0.1

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (2) hide show

package/README.md +0 -57
package/package.json +4 -4

package/README.md CHANGED Viewed

@@ -37,63 +37,6 @@
 <p>You can read the documentation at: <a href="https://middy.js.org/docs/middlewares//http-security-headers">https://middy.js.org/docs/middlewares//http-security-headers</a></p>
 </div>
-Applies best practice security headers to responses. It's a simplified port of HelmetJS. See [HelmetJS](https://helmetjs.github.io/) documentation for more details.
-## Install
-To install this middleware you can use NPM:
-```bash
-npm install --save @middy/http-security-headers
-```
-## Options
-Setting an option to `false` to cause that rule to be ignored.
-### All Responses
-- `originAgentCluster`: Default to `{}` to include
-- `referrerPolicy`: Default to `{ policy: 'no-referrer' }`
-- `strictTransportSecurity`: Default to `{ maxAge: 15552000, includeSubDomains: true, preload: true }`
-- X-`dnsPrefetchControl`: Default to `{ allow: false }`
-- X-`downloadOptions`: Default to `{ action: 'noopen' }`
-- X-`poweredBy`: Default to `{ server: '' }` to remove `Server` and `X-Powered-By`
-- X-`contentTypeOptions`: Default to `{ action: 'nosniff' }`
-### HTML Responses
-- `contentSecurityPolicy`: Default to `{ 'default-src': "'none'", 'base-uri':"'none'", 'sandbox':'', 'form-action':"'none'", 'frame-ancestors':"'none'", 'navigate-to':"'none'", 'report-to':'csp', 'require-trusted-types-for':"'script'", 'trusted-types':"'none'", 'upgrade-insecure-requests':'' }`
-- `crossOriginEmbedderPolicy`: Default to `{ policy: 'require-corp' }`
-- `crossOriginOpenerPolicy`: Default to `{ policy: 'same-origin' }`
-- `crossOriginResourcePolicy`: Default to `{ policy: 'same-origin' }`
-- `permissionsPolicy`: Default to `{ *:'', ... }` where all allowed values are set to disable
-- `reportTo`: Defaults to `{ maxAge: 31536000, default: '', includeSubdomains: true, csp: '', staple:'', xss: '' }` which won't report by default, needs setting
-- X-`frameOptions`: Default to `{ action: 'deny' }`
-- X-`xssProtection`: Defaults to `{ reportUri: '' }'`
-## Sample usage
-```javascript
-import middy from '@middy/core'
-import httpSecurityHeaders from '@middy/http-security-headers'
-const handler = middy((event, context) => {
-  return {}
-})
-handler
-  .use(httpSecurityHeaders())
-```
-## Middy documentation and examples
-For more documentation and examples, refers to the main [Middy monorepo on GitHub](https://github.com/middyjs/middy) or [Middy official website](https://middy.js.org).
-## Contributing
-Everyone is very welcome to contribute to this repository. Feel free to [raise issues](https://github.com/middyjs/middy/issues) or to [submit Pull Requests](https://github.com/middyjs/middy/pulls).
 ## License
 Licensed under [MIT License](LICENSE). Copyright (c) 2017-2022 [Luciano Mammino](https://github.com/lmammino), [will Farrell](https://github.com/willfarrell), and the [Middy team](https://github.com/middyjs/middy/graphs/contributors).

package/package.json CHANGED Viewed

@@ -1,6 +1,6 @@
 {
   "name": "@middy/http-security-headers",
-  "version": "4.0.0",
+  "version": "4.0.1",
   "description": "Applies best practice security headers to responses. It's a simplified port of HelmetJS",
   "type": "module",
   "engines": {
@@ -64,11 +64,11 @@
     "url": "https://github.com/middyjs/middy/issues"
   },
   "homepage": "https://middy.js.org",
-  "gitHead": "582286144bcd79968a8c7c2f8867a23c80079a47",
+  "gitHead": "c5ece2bfbb0d607dcdea5685bf194a6cc19acc8d",
   "dependencies": {
-    "@middy/util": "4.0.0"
+    "@middy/util": "4.0.1"
   },
   "devDependencies": {
-    "@middy/core": "4.0.0"
+    "@middy/core": "4.0.1"
   }
 }