fastify-frame-guard

Fastify plugin to set the X-Frame-Options header, mitigating things like clickjacking

Why?

You may know frameguard as a frameguard middleware used in helmet. And you could use it as a middleware in fastify also. So why i made this plugin?

You may find the reason in benchmark result and wish you like it. :)

Difference

This plugin has passed all frameguard test cases. And no difference in options.

Install

Via npm:

npm i fastify-frame-guard

Via yarn:

yarn add fastify-frame-guard

Usage

const fastify = require('fastify');
const fastifyFrameGuard = require('fastify-frame-guard');
 
const app = fastify();
app.register(fastifyFrameGuard, {
  // Your options
});
 
app.listen(3000, err => {
  if (err) throw err;
});

Options

This plugin has all options which the middleware in helmet gives and support a new option allowedDomains.

action {string}

Specify the action for this plugin which could be DENY, SAMEORIGIN or ALLOW-FROM. Default is SAMEORIGIN. Case insensitivity.

• DENY: couldn't be framed
• SAMEORIGIN: could only be framed from the same origin
• ALLOW-FROM: could be framed from domain option
• others: use default value

domain {string}

Specify the allowed domain for ALLOW-FROM action.

Changelog

• 0.3.0
  • Drop allowedDomains option
  • Update test case
• 0.2.0
  • Add test case
  • Add code coverage
  • Add benchmarks
• 0.1.0:
  • Init version