shieldwall
v0.3.0
Published
Security for your Fullstack App 🛡️
Downloads
16
Readme
Install
pnpm add shieldwall
Usage
This package aims to support every framework runtime powered by h3, but at thsi moment only SolidStart has first-class adapters.
SolidStart
The exports are out-of-the-box middleware handlers, if you need help creating middlewares in SolidStart, check the docs
import { createMiddleware } from "@solidjs/start/middleware";
import { csrfProtection, secureRequest } from "shieldwall/start";
export default createMiddleware({
onRequest: [csrfProtection, secureRequest()],
});
The CSP must add nonce
on every request and append to script and link tags.
import { createHandler, StartServer } from "@solidjs/start/server";
export default createHandler(
() => (
<StartServer
document={({ assets, children, scripts }) => (
<html lang="en">
<head>
<meta charset="utf-8" />
<meta
name="viewport"
content="width=device-width, initial-scale=1"
/>
<link rel="icon" href="/favicon.ico" />
{assets}
</head>
<body class="overflow-x-hidden bg-gradient-to-bl from-sky-950
to-neutral-900">
<div
id="app"
class="bg-blur-purple min-h-screen grid-cols-[auto,1fr,au
to]"
>
{children}
</div>
{scripts}
</body>
</html>
)}
/>
),
-
+ (event) => ({ nonce: `nonce-${event.locals.nonce}` })
Contributors
💙 This package was templated with
create-typescript-app
.