serverless-openapi-documenter 0.0.117-beta.1 → 0.0.118-beta.1
- package/README.md +2 -1
- package/json/owasp.json +6 -2
- package/package.json +3 -3
- package/src/owasp.js +5 -0
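--- a/package/README.md
+++ b/package/README.md
@@ -932,7 +932,7 @@ The generator will interpret your settings for CORS and automatically add the re
 
 You can make use of the [OWASP Secure Headers](https://owasp.org/www-project-secure-headers/#x-permitted-cross-domain-policies) to generate response headers. These are a selection of response headers with default values that OWASP recommends returning with your response to help secure your application.
 
-The OWASP Secure Headers Project contains a set of recommended headers to return with recommended values, when generating the documentation, the generator will attempt to get the latest version of this document and apply the latest recommendations. If you do not allow outside connections, it will default to a version of recommendations from **
+The OWASP Secure Headers Project contains a set of recommended headers to return with recommended values, when generating the documentation, the generator will attempt to get the latest version of this document and apply the latest recommendations. If you do not allow outside connections, it will default to a version of recommendations from **2025-08-17 15:23:47 UTC**.
 
 Like CORS, if you have already set any of the OWASP Secure headers via `responseHeaders`, it will not overwrite them.
 
@@ -982,6 +982,7 @@ The full list of OWASP Secure Headers you can set are:
 - xContentTypeOptions - X-Content-Type-Options,
 - xFrameOptions - X-Frame-Options,
 - xPermittedCrossDomainPolicies - X-Permitted-Cross-Domain-Policies
+- xDNSPrefetchControl - X-DNS-Prefetch-Control
 
 You should note that `Pragma` has been [deprecated by owasp](https://owasp.org/www-project-secure-headers/#pragma), this plugin will issue a warning when you are still using Pragma and might drop support.
 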
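--- a/package/json/owasp.json
+++ b/package/json/owasp.json
@@ -1,5 +1,5 @@
 {
-"last_update_utc": "
+"last_update_utc": "2025-08-17 15:23:47",
 "headers": [
 {
 "name": "Cache-Control",
@@ -11,7 +11,7 @@
 },
 {
 "name": "Content-Security-Policy",
-"value": "default-src 'self'; form-action 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests
+"value": "default-src 'self'; form-action 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'none'; upgrade-insecure-requests"
 },
 {
 "name": "Cross-Origin-Embedder-Policy",
@@ -41,6 +41,10 @@
 "name": "X-Content-Type-Options",
 "value": "nosniff"
 },
+{
+"name": "X-DNS-Prefetch-Control",
+"value": "off"
+},
 {
 "name": "X-Frame-Options",
 "value": "deny"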
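--- a/package/package.json
+++ b/package/package.json
@@ -1,6 +1,6 @@
 {
 "name": "serverless-openapi-documenter",
-"version": "0.0.
+"version": "0.0.118-beta.1",
 "description": "Generate OpenAPI v3 documentation and Postman Collections from your Serverless Config",
 "main": "index.js",
 "keywords": [
@@ -48,9 +48,9 @@
 "@apidevtools/json-schema-ref-parser": "^9.1.0",
 "@redocly/openapi-core": "^1.34.5",
 "chalk": "^4.1.2",
-"js-yaml": "^4.1.
+"js-yaml": "^4.1.1",
 "json-schema-for-openapi": "^0.5.0",
-"openapi-to-postmanv2": "^5.
+"openapi-to-postmanv2": "^5.4.1",
 "uuid": "^11.1.0"
 },
 "engines": {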
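--- a/package/src/owasp.js
+++ b/package/src/owasp.js
@@ -67,6 +67,10 @@ class OWASP {
 description:
 "A cross-domain policy file is an XML document that grants a web client, such as Adobe Flash Player or Adobe Acrobat (though not necessarily limited to these), permission to handle data across domains. When clients request content hosted on a particular source domain and that content makes requests directed towards a domain other than its own, the remote domain needs to host a cross-domain policy file that grants access to the source domain, allowing the client to continue the transaction. Normally a meta-policy is declared in the master policy file, but for those who can't write to the root directory, they can also declare a meta-policy using the X-Permitted-Cross-Domain-Policies HTTP response header. - [OWASP Link](https://owasp.org/www-project-secure-headers/#x-permitted-cross-domain-policies)",
 },
+"X-DNS-Prefetch-Control": {
+description:
+"The HTTP X-DNS-Prefetch-Control response header controls DNS prefetching, a feature by which browsers proactively perform domain name resolution on links that the user may choose to follow as well as URLs for items referenced by the document, including images, CSS, JavaScript, and so forth. - [MDN Link](https://developer.mozilla.org/en-US/docs/Web/HTTP/Reference/Headers/X-DNS-Prefetch-Control)",
+},
 };
 
 this.headerMap = {
@@ -83,6 +87,7 @@ class OWASP {
 xContentTypeOptions: "X-Content-Type-Options",
 xFrameOptions: "X-Frame-Options",
 xPermittedCrossDomainPolicies: "X-Permitted-Cross-Domain-Policies",
+xDNSPrefetchControl: "X-DNS-Prefetch-Control",
 };
 }
 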
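Review bot: The new `"X-DNS-Prefetch-Control"` description (new line 72) says what DNS prefetching is but not why the header belongs in a secure-headers set, and it links MDN where the neighbouring `X-Permitted-Cross-Domain-Policies` entry links the OWASP project page. Readers of the generated OpenAPI document would be helped by one more sentence in that string, for example `Turning prefetching off stops the browser from resolving hostnames of links the user has not followed, which would otherwise be visible to DNS observers.` Separately, both the description map and `headerMap` are maintained by hand per header, so a header that shows up in the fetched OWASP list before an entry is added here would presumably have no description or option key; the lookup code is outside these hunks, so it is worth confirming that an unknown header name is tolerated there. The enclosing method of `class OWASP` starts and ends outside both hunks.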