@lottojs/secure-headers
v0.1.4
A Node.js middleware for enhancing security by adding secure HTTP headers. Mitigate various web vulnerabilities.
About The Project
A middleware tailored for Node.js applications to set secure HTTP headers, mitigating various web vulnerabilities by enforcing headers for XSS protection, content security policy, strict transport security, MIME type sniffing prevention, and more. It was initially created to serve the @lottojs/lotto package, but nothing prevents the community from using it as well.
Documentation
Complete API documentation is available at lottojs.tech.
Getting Started
Installation
npm i @lottojs/secure-headers
Usage
The package provides middleware named secureHeaders. This middleware should be applied within your server handlers to set the necessary secure HTTP headers. These headers help in preventing various web vulnerabilities.
    import { createServer } from 'node:http';
    import type { IncomingMessage, ServerResponse } from 'node:http';
    import { secureHeaders } from '@lottojs/secure-headers';

    createServer(
        async (req: IncomingMessage, res: ServerResponse) => {
            // ...
            // Header values to send. Named `options` so that it does not
            // shadow the imported `secureHeaders` middleware.
            const options = {
                // ...
                xContentTypeOptions: 'nosniff',
                xXssProtection: '1; mode=block',
                contentSecurityPolicy: "default-src 'self'",
                strictTransportSecurity:
                    'max-age=31536000; includeSubDomains; preload',
                xFrameOptions: 'DENY',
                cacheControl: 'no-store, no-cache, must-revalidate, private',
                // ...
            }
            // Apply the headers to the response (`next` is not defined in this excerpt).
            secureHeaders(options)(res, next())
            // ...
        },
    )
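To confirm that a response actually carries the headers configured above, the following added example (not part of @lottojs/secure-headers) audits a header object against the values in the usage snippet. The names parseDirectives, BASELINE, auditSecurityHeaders and SAMPLE_HEADERS are hypothetical, and the sample headers are constructed.

```javascript
// Split "a=1; b; c 'x'" style header values into a Map of lower-cased names.
function parseDirectives(value, sep = ';') {
  const out = new Map();
  for (const part of String(value).split(sep)) {
    const m = part.trim().match(/^([^\s=]+)(?:\s*=\s*|\s+)?(.*)$/);
    if (m) out.set(m[1].toLowerCase(), m[2].replace(/^"|"$/g, ''));
  }
  return out;
}

// One check per header in the usage snippet (names lower-cased, as Node.js reports them).
const BASELINE = {
  'x-content-type-options': (v) => v.trim().toLowerCase() === 'nosniff',
  // '0' (filter disabled) is accepted as well as the snippet's '1; mode=block'.
  'x-xss-protection': (v) => /^(0|1\s*;\s*mode=block)$/i.test(v.trim()),
  'content-security-policy': (v) => parseDirectives(v).has('default-src'),
  'strict-transport-security': (v) => {
    const d = parseDirectives(v);
    return Number(d.get('max-age')) >= 31536000 && d.has('includesubdomains');
  },
  'x-frame-options': (v) => ['deny', 'sameorigin'].includes(v.trim().toLowerCase()),
  'cache-control': (v) => parseDirectives(v, ',').has('no-store'),
};

// Returns [] when every baseline header is present and passes its check.
function auditSecurityHeaders(headers) {
  const seen = new Map(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), [].concat(v).join(', ')]),
  );
  const findings = [];
  for (const [name, isOk] of Object.entries(BASELINE)) {
    if (!seen.has(name)) findings.push({ header: name, problem: 'missing' });
    else if (!isOk(seen.get(name))) {
      findings.push({ header: name, problem: 'weak', value: seen.get(name) });
    }
  }
  return findings;
}

// Constructed sample: response headers carrying the values from the usage snippet.
const SAMPLE_HEADERS = {
  'X-Content-Type-Options': 'nosniff',
  'X-XSS-Protection': '1; mode=block',
  'Content-Security-Policy': "default-src 'self'",
  'Strict-Transport-Security': 'max-age=31536000; includeSubDomains; preload',
  'X-Frame-Options': 'DENY',
  'Cache-Control': 'no-store, no-cache, must-revalidate, private',
};
console.log(auditSecurityHeaders(SAMPLE_HEADERS));
```

In a test, pass it `res.getHeaders()` after the middleware has run and fail the build if the returned list is not empty.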
Contributing
All forms of contributions are more than welcome! You can contribute in the following ways:
- Create an Issue
- Create a Pull Request
- Create third-party middlewares
- Share with your friends
- Make your application with Lotto.
For more details, see Contribution Guide.
License
Distributed under the MIT License. See LICENSE for more information.