fastify-hsts
v0.3.0
Fastify plugin for HTTP Strict Transport Security
Why?
You may know hsts as the HSTS middleware used in helmet, and you could also use it as a middleware in fastify. So why did I make this plugin?
You may find the reason in the benchmark result, and I hope you like it. :)
Difference
This plugin has passed all hsts test cases. But there are some differences to csp:
- Will use the default value if there is no maxAge option or it's invalid.
- Will ignore setIf if it's not a function.
Install
Via npm:
npm i fastify-hsts
Via yarn:
yarn add fastify-hsts
Usage
const fastify = require('fastify');
const fastifyHsts = require('fastify-hsts');

const app = fastify();

app.register(fastifyHsts, {
  // Your options
});

app.listen(3000, err => {
  if (err) throw err;
});
Options
This plugin has the same options as the middleware in helmet.
maxAge {number}
Sets max-age in the header. Default is 15552000, which means 180 days in seconds. The plugin will use the default value if you pass in a non-numeric value.
includeSubDomains {boolean}
Sets the includeSubDomains value in the header. Default is true. You can find more information about this value here.
includeSubdomains {boolean}
Alias to includeSubDomains.
preload {boolean}
Sets the preload value in the header. Default is false. You can find more information about this value here.
setIf {function}
This plugin always sets the header, since browsers ignore it over insecure HTTP. If you wish to set it conditionally, use this option.
app.register(fastifyHsts, {
  setIf: (request, reply) => {
    // request is the fastify request instance
    // reply is the fastify reply instance
    // should return a truthy value for the header to be set
  }
});
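The option rules described above, as an added example (not the plugin's source code): a stand-alone model of how the documented defaults and fallbacks resolve into a header value, plus a check against the hstspreload.org submission requirements. The function names, the treatment of negative or non-finite maxAge as invalid, and the precedence of includeSubDomains over its alias are assumptions.

```javascript
// Added illustration, not fastify-hsts source code: models the documented option rules.
const DEFAULT_MAX_AGE = 15552000; // 180 days in seconds (README default)

// Resolve user options to effective values using the documented fallbacks.
function resolveHstsOptions(options = {}) {
  const { maxAge, includeSubDomains, includeSubdomains, preload, setIf } = options;
  // Assumption: "invalid" means anything that is not a finite, non-negative number.
  const validMaxAge = typeof maxAge === 'number' && Number.isFinite(maxAge) && maxAge >= 0;
  // Assumption: if both spellings are given, includeSubDomains wins over the alias.
  const sub = includeSubDomains !== undefined ? includeSubDomains : includeSubdomains;
  return {
    maxAge: validMaxAge ? Math.round(maxAge) : DEFAULT_MAX_AGE, // whole seconds
    includeSubDomains: sub === undefined ? true : Boolean(sub), // default true
    preload: Boolean(preload), // default false
    setIf: typeof setIf === 'function' ? setIf : null, // non-functions are ignored
  };
}

// Build the Strict-Transport-Security header value.
function buildHstsHeader(options) {
  const o = resolveHstsOptions(options);
  const parts = [`max-age=${o.maxAge}`];
  if (o.includeSubDomains) parts.push('includeSubDomains');
  if (o.preload) parts.push('preload');
  return parts.join('; ');
}

// The header is always sent unless a setIf function returns a falsy value.
function shouldSetHsts(options, request, reply) {
  const { setIf } = resolveHstsOptions(options);
  return setIf ? Boolean(setIf(request, reply)) : true;
}

// List why a configuration would fail the hstspreload.org submission requirements.
function preloadProblems(options) {
  const o = resolveHstsOptions(options);
  const problems = [];
  if (o.maxAge < 31536000) problems.push('max-age below 31536000 (1 year)');
  if (!o.includeSubDomains) problems.push('includeSubDomains missing');
  if (!o.preload) problems.push('preload missing');
  return problems;
}

// Constructed sample configurations.
console.log(buildHstsHeader({ maxAge: '1 year' }));
console.log(buildHstsHeader({ maxAge: 31536000, preload: true }));
console.log(preloadProblems({ preload: true }));
```

Setting preload: true while leaving maxAge at its default yields a header that carries the preload directive but does not meet the preload list's one-year minimum, which is what the last call reports.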
Changelog
- 0.3.0
  - Use hsts test cases
- 0.2.0
  - Add test case
  - Add code coverage
  - Add benchmarks
- 0.1.0
  - Init version