Sign Up for Free

RunKit +

Try any Node.js package right in your browser

This is a playground to test code. It runs a full Node.js environment and already has all of npm’s 1,000,000+ packages pre-installed, including @skazka/server-helmet with all npm packages installed. Try it out:

require("@skazka/server-express/package.json"); // @skazka/server-express is a peer dependency. require("@skazka/server-module/package.json"); // @skazka/server-module is a peer dependency. require("debug/package.json"); // debug is a peer dependency. var serverHelmet = require("@skazka/server-helmet")

This service is provided by RunKit and is not affiliated with npm, Inc or the package authors.

@skazka/server-helmet v0.0.9

Server helmet

Server Helmet

It helps to secure your Skazka server by setting various HTTP headers.

NPM

How to install

npm i @skazka/server @skazka/server-helmet

With yarn:

yarn add @skazka/server @skazka/server-helmet

Optionally you can add http server, error handler, logger, router, request and response:

npm i @skazka/server-http @skazka/server-router @skazka/server-error @skazka/server-logger @skazka/server-request @skazka/server-response

With yarn:

yarn add @skazka/server-http @skazka/server-router @skazka/server-error @skazka/server-logger @skazka/server-request @skazka/server-response

How to use

const App = require('@skazka/server');
const Router = require('@skazka/server-router');

const helmet = require('@skazka/server-helmet');
        
const error = require('@skazka/server-error');
const logger = require('@skazka/server-logger');

const request = require('@skazka/server-request');
const response = require('@skazka/server-response');
        
const server = require('@skazka/server-http');
        
const app = new App();
const router = new Router();
        
app.all([
  error(),
  logger(),
  request(),
  response(),
  helmet(),
]);
    
app.then(async (ctx) => {
  // it works for each request
});
    
router.get('/data').then(async (ctx) => {
  return ctx.response('data'); 
});
        
app.then(router.resolve());
        
server.createHttpServer(app);

Or with options:

app.all([
  helmet({
    frameguard: false,
    ...
  })
]);

You can also use its pieces individually:

 app.all([
   helmet.contentSecurityPolicy({
     directives: {
       defaultSrc: ["'self'", 'default.com'],
     },
   }),
   helmet.dnsPrefetchControl(),
   helmet.expectCt(),
   helmet.featurePolicy({
     features: {
       fullscreen: ['"self"'],
     },
   }),
   helmet.frameguard(),
   helmet.hidePoweredBy(),
   helmet.hpkp({
     maxAge: 7776000,
     sha256s: ['AbCdEf123=', 'ZyXwVu456='],
   }),
   helmet.hsts({
     maxAge: 7776000,
   }),
   helmet.ieNoOpen(),
   helmet.noCache(),
   helmet.noSniff(),
   helmet.permittedCrossDomainPolicies(),
   helmet.referrerPolicy(),
   helmet.xssFilter(),
 ]);

How it works

Helmet is a collection of 14 smaller middleware functions that set HTTP response headers. Running app.than(helmet()) will not include all of these middleware functions by default.

ModuleDefault?
contentSecurityPolicy for setting Content Security Policy
crossdomain for handling Adobe products' crossdomain requests
dnsPrefetchControl controls browser DNS prefetching
expectCt for handling Certificate Transparency
featurePolicy to limit your site's features
frameguard to prevent clickjacking
hidePoweredBy to remove the X-Powered-By header
hpkp for HTTP Public Key Pinning
hsts for HTTP Strict Transport Security
ieNoOpen sets X-Download-Options for IE8+
noCache to disable client-side caching
noSniff to keep clients from sniffing the MIME type
referrerPolicy to hide the Referer header
xssFilter adds some small XSS protections

You can see more in the documentation.

RunKit is a free, in-browser JavaScript dev environment for prototyping Node.js code, with every npm package installed. Sign up to share your code.
Sign Up for Free