Middy http-security-headers middleware
HTTP security headers middleware for the middy framework, the stylish Node.js middleware engine for AWS Lambda
Applies best practice security headers to responses. It's a simplified port of [HelmetJS](https://helmetjs.github.io/). See HelmetJS documentation for more details.
Applies best practice security headers to responses. It's a simplified port of HelmetJS. See HelmetJS documentation for more details.
Install
To install this middleware you can use NPM:
npm install --save @middy/http-security-headers
Options
-
dnsPrefetchControl
controls browser DNS prefetching -
expectCt
for handling Certificate Transparency (Future Feature) -
frameguard
to prevent clickjacking -
hidePoweredBy
to remove the Server/X-Powered-By header -
hsts
for HTTP Strict Transport Security -
ieNoOpen
sets X-Download-Options for IE8+ -
noSniff
to keep clients from sniffing the MIME type -
referrerPolicy
to hide the Referer header -
xssFilter
adds some small XSS protections
Sample usage
const middy = require('@middy/core')
const httpSecurityHeaders = require('@middy/http-security-headers')
const handler = middy((event, context, cb) => {
cb(null, {})
})
handler
.use(httpSecurityHeaders())
Middy documentation and examples
For more documentation and examples, refers to the main Middy monorepo on GitHub or Middy official website.
Contributing
Everyone is very welcome to contribute to this repository. Feel free to raise issues or to submit Pull Requests.
License
Licensed under MIT License. Copyright (c) 2017-2018 Luciano Mammino and the Middy team.