Nightmarish Pawnshop Mystic

    fastify-hsts

    0.3.0 • Public • Published

    fastify-hsts

    Build Status Code coverage Code style Dependency Status Dev Dependency Status NPM version NPM downloads NPM license

    Fastify plugin for HTTP Strict Transport Security

    Why?

    You may know hsts as a hsts middleware used in helmet. And you could use it as a middleware in fastify also. So why i made this plugin?

    You may find the reason in benchmark result and wish you like it. :)

    Difference

    This plugin has passed all hsts test cases. But there are some differences to csp:

    • Will use default value if no maxAge option or it's invalid.
    • Will ignore setIf if it's not a function.

    Install

    Via npm:

    npm i fastify-hsts

    Via yarn:

    yarn add fastify-hsts

    Usage

    const fastify = require('fastify');
    const fastifyHsts = require('fastify-hsts');
     
    const app = fastify();
    app.register(fastifyHsts, {
      // Your options
    });
     
    app.listen(3000, err => {
      if (err) throw err;
    });

    Options

    This plugin has the same options as the middleware in helmet.

    maxAge {number}

    Set max-age in header. Default is 15552000 which means 180 days in seconds. Plugin will use default value if you passed in a non-numeric value.

    includeSubDomains {boolean}

    Set includeSubDomains value in header. Default is true. You could see more informations here for this value.

    includeSubdomains {boolean}

    Alias to includeSubDomains.

    preload {boolean}

    Set preload value in header. Default is false. You could see more informations here for this value.

    setIf {function}

    This plugin will always set the header since the header is ignored in insecure HTTP. But if you wish to set it conditionally, you could use this.

    app.register(fastifyHsts, {
      setIf: (request, reply) => {
        // request is the fastify request instance
        // reply is the fastify reply instance
        // should return a truly value for setting header
      }
    });

    Changelog

    • 0.3.0
      • Use hsts test cases
    • 0.2.0
      • Add test case
      • Add code coverage
      • Add benchmarks
    • 0.1.0
      • Init version

    Install

    npm i fastify-hsts

    DownloadsWeekly Downloads

    7

    Version

    0.3.0

    License

    MIT

    Unpacked Size

    7.01 kB

    Total Files

    4

    Last publish

    Collaborators

    • poppinl