37
blockade - secure ⚓️ headers and cookies for Node.js web frameworks
source link: https://www.tuicool.com/articles/hit/3YFbmmy
Go to the source link to view the article. You can view the picture content, updated content and better typesetting reading experience. If the link is broken, please click the button below to view the snapshot at that time.
Blockade
Blockade :anchor:️ is a lightweight package that adds optional security headers and cookie attributes for Node.js web frameworks.
Security HTTP headers and cookie attributes help enhance the security of your web application by enabling built-in browser security mechanisms.
Supported Node.js web frameworks:
AdonisJs , Express , Fastify , hapi , Koa , Meteor , Nest , Polka , restify , Sails , Total.js
Install
$ npm i blockade
After installing Blockade:
const blockade = require("blockade");
const secureHeaders = new blockade.SecureHeaders();
const secureCookie = new blockade.SecureCookie();
Secure Headers
Example
secureHeaders.framework(response);
Default HTTP response headers:
Strict-Transport-Security: max-age=63072000; includeSubdomains X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1; mode=block X-Content-Type-Options: nosniff Referrer-Policy: no-referrer, strict-origin-when-cross-origin Cache-control: no-cache, no-store, must-revalidate, max-age=0 Pragma: no-cache Expires: 0
Secure Cookie
Example
secureCookie.framework(response, "foo", "bar");
Default Set-Cookie HTTP response header:
Set-Cookie: foo=bar; Path=/; secure; HttpOnly; SameSite=lax
Documentation
Please see the full set of documentation at https://blockadejs.readthedocs.io
Resources
Recommend
About Joyk
Aggregate valuable and interesting links.
Joyk means Joy of geeK