fastify-fast-helmet
Important security headers for Fastify
Why?
You may know fastify-helmet as a helmet plugin for fastify. So why i made this plugin?
This plugin uses a set of helmet plugins for fastify instead of the helmet middlewares. You may find the reason in benchmark result and wish you like it. :)
Plugins
fastify-fast-helmet is a collection of 12 smaller middleware functions that set HTTP headers.
| Module | Option | Description | Default? |
|---|---|---|---|
| fastify-csp | contentSecurityPolicy |
for setting Content Security Policy | |
| fastify-expect-ct | expectCt |
for handling Certificate Transparency | |
| fastify-dns-prefetch-control | dnsPrefetchControl |
controls browser DNS prefetching | ✓ |
| fastify-frame-guard | frameguard |
to prevent clickjacking | ✓ |
| fastify-hide-powered-by | hidePoweredBy |
to remove the X-Powered-By header | ✓ |
| fastify-hpkp | hpkp |
for HTTP Public Key Pinning | |
| fastify-hsts | hsts |
for HTTP Strict Transport Security | ✓ |
| fastify-ie-no-open | ieNoOpen |
sets X-Download-Options for IE8+ | ✓ |
| fastify-no-cache | noCache |
to disable client-side caching | |
| fastify-no-sniff | noSniff |
to keep clients from sniffing the MIME type | ✓ |
| fastify-referrer-policy | referrerPolicy |
to hide the Referer header | |
| fastify-xss-filter | xssFilter |
adds some small XSS protections | ✓ |
Difference
The sub plugins use test cases from helmet middleware and their actions are almost same as helmet middlewares but a little difference in fastify-csp.
Install
Via npm:
npm i fastify-fast-helmetVia yarn:
yarn add fastify-fast-helmetUsage
const fastify = ;const fastifyHelmet = ; const app = ;app; app;Changelog
- 0.3.0:
- Init version