fastify-frame-guard
Fastify plugin to set the X-Frame-Options header, mitigating things like clickjacking
Why?
You may know frameguard as a frameguard middleware used in helmet. And you could use it as a middleware in fastify also. So why i made this plugin?
You may find the reason in benchmark result and wish you like it. :)
Difference
This plugin has passed all frameguard test cases. And no difference in options.
Install
Via npm:
npm i fastify-frame-guard
Via yarn:
yarn add fastify-frame-guard
Usage
const fastify = ;const fastifyFrameGuard = ; const app = ;app; app;
Options
This plugin has all options which the middleware in helmet gives and support a new option allowedDomains
.
action {string}
Specify the action for this plugin which could be DENY
, SAMEORIGIN
or ALLOW-FROM
. Default is SAMEORIGIN
. Case insensitivity.
DENY
: couldn't be framedSAMEORIGIN
: could only be framed from the same originALLOW-FROM
: could be framed fromdomain
option- others: use default value
domain {string}
Specify the allowed domain for ALLOW-FROM
action.
Changelog
- 0.3.0
- Drop
allowedDomains
option - Update test case
- Drop
- 0.2.0
- Add test case
- Add code coverage
- Add benchmarks
- 0.1.0:
- Init version