@httpland/coop-middleware
v1.0.0
Published
HTTP cross-origin opener policy(COOP) middleware
Downloads
27
Maintainers
Readme
coop-middleware
HTTP cross-origin opener policy(COOP) middleware.
Compliant with HTML Living Standard, 7.1.3 Cross-origin opener policies.
Middleware
For a definition of Universal HTTP middleware, see the http-middleware project.
Usage
Middleware adds the Cross-Origin-Opener-Policy
header to the response.
import {
coop,
type Handler,
} from "https://deno.land/x/coop_middleware@$VERSION/mod.ts";
import { assert } from "https://deno.land/std/testing/asserts.ts";
declare const request: Request;
declare const handler: Handler;
const middleware = coop();
const response = await middleware(request, handler);
assert(response.headers.has("cross-origin-opener-policy"));
yield:
Cross-Origin-Opener-Policy: same-origin
Options
The middleware factory accepts the following fields:
| Name | Type | Default | Description |
| ---------- | -------------------------------------------------------------------------- | :-------------: | ----------------------------------------- |
| policy | "unsafe-none"
| "same-origin-allow-popups"
| "same-origin"
| "same-origin"
| Embedder policy value. |
| reportTo | string
| - | Reporting endpoint name. |
| reportOnly | boolean
| false
| Whether the header is report-only or not. |
policy
If specified, change the cross-origin opener policy value.
import { coop } from "https://deno.land/x/coop_middleware@$VERSION/middleware.ts";
const middleware = coop({ policy: "same-origin-allow-popups" });
yield:
Cross-Origin-Opener-Policy: same-origin-allow-popups
reportTo
If specified, adds a report-to
param to the output.
import { coop } from "https://deno.land/x/coop_middleware@$VERSION/middleware.ts";
const middleware = coop({ reportTo: "default" });
yield:
Cross-Origin-Opener-Policy: same-origin;report-to=default
reportOnly
Depending on the value, the header will be:
| Value | Field name |
| ------- | ---------------------------------------- |
| true
| Cross-Origin-Opener-Policy-Report-Only
|
| false
| Cross-Origin-Opener-Policy
|
import { coop } from "https://deno.land/x/coop_middleware@$VERSION/middleware.ts";
const middleware = coop({ reportOnly: true });
yield:
Cross-Origin-Opener-Policy-Report-Only: same-origin
Throwing error
If serialization of opener policy fails, it may throw TypeError
.
The following cases are failures:
- If
reportTo
field is an invalid<sf-token>
syntax
import { coop } from "https://deno.land/x/coop_middleware@$VERSION/middleware.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";
assertThrows(() => coop({ reportTo: "<invalid>" }));
Conditions
Middleware will execute if all of the following conditions are met:
- Response does not include
Cross-Origin-Opener-Policy
header - Response does not include
Cross-Origin-Opener-Policy-Report-Only
header
Effects
Middleware may make changes to the following elements of the HTTP message.
- HTTP Headers
- Cross-Origin-Opener-Policy
- Cross-Origin-Opener-Policy-Report-Only
API
All APIs can be found in the deno doc.
License
Copyright © 2023-present httpland.
Released under the MIT license