blockade – secure ⚓️ headers and cookies for Node.js web frameworks

收藏待读

https://github.com/TypeError/blockade

Blockade

Blockade :anchor:️ is a lightweight package that adds optional security headers and cookie attributes for Node.js web frameworks.

Security HTTP headers and cookie attributes help enhance the security of your web application by enabling built-in browser security mechanisms.

Supported Node.js web frameworks:

AdonisJs , Express , Fastify , hapi , Koa , Meteor , Nest , Polka , restify , Sails , Total.js

Install

$ npm i blockade

After installing Blockade:

const blockade = require("blockade");

const secureHeaders = new blockade.SecureHeaders();
const secureCookie = new blockade.SecureCookie();

Secure Headers

Example

secureHeaders.framework(response);

Default HTTP response headers:

Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Cache-control: no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Expires: 0

Secure Cookie

Example

secureCookie.framework(response, "foo", "bar");

Default Set-Cookie HTTP response header:

Set-Cookie: foo=bar; Path=/; secure; HttpOnly; SameSite=lax

Documentation

Please see the full set of documentation at https://blockadejs.readthedocs.io

Resources

相關閱讀

免责声明:本文内容来源于Github,已注明原文出处和链接,文章观点不代表立场,如若侵犯到您的权益,或涉不实谣言,敬请向我们提出检举。