@rill/helmet
v1.3.0
Published
Collection of middleware to implement various security headers for Rill.
Downloads
109
Maintainers
Readme
A wrapper for Helmet that works with Rill.
Helmet helps you secure your app by setting various HTTP headers.
Installation
npm install @rill/helmet
Example
You can use the default settings.
const app = require('rill')()
const helmet = require('@rill/helmet')
app.use(helmet())
Or use individual middleware.
app.use(helmet.noCache())
app.use(helmet.frameguard())
How it works
Helmet is a collection of 12 smaller middleware functions that set HTTP headers. Running app.use(helmet())
will not include all of these middleware functions by default.
| Module | Default? | |---|---| | contentSecurityPolicy for setting Content Security Policy | | | expectCt for handling Certificate Transparency | | | dnsPrefetchControl controls browser DNS prefetching | ✓ | | frameguard to prevent clickjacking | ✓ | | hidePoweredBy to remove the X-Powered-By header | ✓ | | hpkp for HTTP Public Key Pinning | | | hsts for HTTP Strict Transport Security | ✓ | | ieNoOpen sets X-Download-Options for IE8+ | ✓ | | noCache to disable client-side caching | | | noSniff to keep clients from sniffing the MIME type | ✓ | | referrerPolicy to hide the Referer header | | | xssFilter adds some small XSS protections | ✓ |
For a more in depth guide on how to use @rill/helmet, check out the official Helmet documentation.
Contributions
- Use
npm test
to run tests.
Please feel free to create a PR!