Skip to content

tuftjs/helmet-prehandler

Repository files navigation

Helmet Prehandler

CI Coverage Status Known Vulnerabilities npm

Helmet Prehandler is a first-party extension for Tuft that acts as a simple wrapper for Helmet, the popular security middleware package for Express.

For detailed information on how Tuft prehandlers work, view the official documentation.

Installation

  $ npm install @tuft/helmet-prehandler

Usage

Import the named createHelmetPrehandler function, and then invoke it to create a Tuft prehandler that can be inserted into any Tuft application.

const { tuft } = require('tuft')
const { createHelmetPrehandler } = require('@tuft/helmet-prehandler')

const app = tuft({
  preHandlers: [createHelmetPrehandler()]
})

It accepts the same options as Helmet. By default, all 11 of Helmet's middleware functions are enabled:

  • contentSecurityPolicy
  • dnsPrefetchControl
  • expectCt
  • frameguard
  • hidePoweredBy
  • hsts
  • ieNoOpen
  • noSniff
  • permittedCrossDomainPolicies
  • referrerPolicy
  • xssFilter

To disable one of them, simply set it to false:

const app = tuft({
  preHandlers: [createHelmetPrehandler({
    contentSecurityPolicy: false
  })]
})

For detailed documentation on how each function works and the options that are accepted, please visit the official Helmet website.

People

The creator and maintainer of Helmet Prehandler is Stuart Kennedy.

Helmet is maintained by a team of contributors.

License

MIT