
This package has been deprecated

Author message:

No longer maintained.

fi-security

3.0.0 • Public • Published

Fi Security

Application security module for Node.js Express applications.

Installing

npm install --save fi-security

Usage

Initialization

Call the module with your Express application instance (so it can attach the routes) and a configuration object. The Express session must be initialized before you configure Fi Security:

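var session = require('express-session');
var security = require('fi-security');
var express = require('express');

var app = express();

// The session middleware must be registered before Fi Security.
// express-session needs a secret; the environment variable name is a placeholder.
app.use(session({
  secret: process.env.SESSION_SECRET,
  resave: false,
  saveUninitialized: false
}));

// config is the configuration object described under "Configuration".
security(app, config);

/* And now your routes... */
app.get('/', (req, res, next) => {
  //...
});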

Configuration

The configuration object follows the format of a Fi Aegis configuration object, since this module is based on Fi Aegis.

  • debug: This option can be a Function to log with or a Boolean. If true it'll use console.log.
  • csrf: Same as Fi Aegis with the addition of the exclude property:
    • exclude: An array of routes with their method(s) and path(s) to be excluded from CSRF checks:
      • method: A single POST, PUT or DELETE method or an array of them. Empty means ALL.
      • path: A valid Express route path.
  • csp: Same as Fi Aegis.
  • xframe: Same as Fi Aegis.
  • hsts: Same as Fi Aegis.
  • nosniff: Same as Fi Aegis.
  • xssProtection: Same as Fi Aegis.
  • p3p: Same as Fi Aegis.

Example configuration

{
  debug: true,
 
  p3p: 'ABCDEF',
 
  csrf: {
    exclude: [{
      method: 'POST',
      path: '/no-csrf'
    }, {
      path: '/api/external'
    }]
  },
 
  xframe: 'DENY',
 
  xssProtection: {
    enabled: true
  },
 
  csp: {
    reportUri: 'https://example.com',
    policy: {
      'default-src': "'self'"
    }
  },
 
  hsts: {
    includeSubDomains: true,
    maxAge: 31536000
  },
 
  nosniff: true
}
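An exclude entry with no method exempts its path for every method, as /api/external does in the configuration above. The review helper below is an added example, not part of fi-security: it lists which method and path pairs a csrf.exclude list exempts from CSRF checks, assuming the semantics described under Configuration (POST, PUT, DELETE; empty method means all). The function names are hypothetical.

```javascript
// Added example, not part of fi-security: a review aid for csrf.exclude lists.
const CSRF_METHODS = ['POST', 'PUT', 'DELETE']; // methods the README names

// Expand each exclude entry into the explicit methods that skip CSRF checks.
function expandCsrfExclusions(config) {
  const exclude = (config.csrf && config.csrf.exclude) || [];
  return exclude.map((entry, index) => {
    // method may be a string, an array, or missing ("Empty means ALL").
    const given = entry.method == null ? [] : [].concat(entry.method);
    const methods = given.map((m) => String(m).toUpperCase());
    const wildcard = methods.length === 0;
    return {
      index,
      path: entry.path,
      wildcard,
      methods: wildcard ? CSRF_METHODS.slice()
        : methods.filter((m) => CSRF_METHODS.includes(m)),
      // Values outside POST/PUT/DELETE are probably typos worth checking.
      unknown: methods.filter((m) => !CSRF_METHODS.includes(m)),
      // Route parameters or patterns can cover more URLs than the literal text.
      pattern: typeof entry.path !== 'string' || /[:*?+()]/.test(entry.path)
    };
  });
}

// Turn the expansion into review notes for a human reader.
function reviewCsrfExclusions(config) {
  const notes = [];
  for (const e of expandCsrfExclusions(config)) {
    notes.push(`${e.path}: no CSRF check for ${e.methods.join(', ')}`);
    if (e.wildcard) notes.push(`${e.path}: no method given, every method is exempt`);
    if (e.pattern) notes.push(`${e.path}: path is a pattern, check what it matches`);
    for (const m of e.unknown) notes.push(`${e.path}: unrecognised method "${m}"`);
  }
  return notes;
}

// The csrf section of the README's example configuration.
const exampleConfig = {
  csrf: {
    exclude: [{ method: 'POST', path: '/no-csrf' }, { path: '/api/external' }]
  }
};

console.log(reviewCsrfExclusions(exampleConfig).join('\n'));
```
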

Using with AngularJS

Just add this to your Fi Security configuration:

//...
 
csrf: {
  angular: true
  //...
}
 
//...

See this for more information regarding AngularJS' XSRF approach.

License

MIT

Unpacked Size

103 kB

Total Files

23
