Helmet Prehandler is a first-party extension for Tuft that acts as a simple wrapper for Helmet, the popular security middleware package for Express.
For detailed information on how Tuft prehandlers work, view the official documentation.
$ npm install @tuft/helmet-prehandler
Import the named createHelmetPrehandler
function, and then invoke it to create a Tuft prehandler that can be inserted into any Tuft application.
const { tuft } = require('tuft')
const { createHelmetPrehandler } = require('@tuft/helmet-prehandler')
const app = tuft({
preHandlers: [createHelmetPrehandler()]
})
It accepts the same options as Helmet. By default, all 11 of Helmet's middleware functions are enabled:
contentSecurityPolicy
dnsPrefetchControl
expectCt
frameguard
hidePoweredBy
hsts
ieNoOpen
noSniff
permittedCrossDomainPolicies
referrerPolicy
xssFilter
To disable one of them, simply set it to false
:
const app = tuft({
preHandlers: [createHelmetPrehandler({
contentSecurityPolicy: false
})]
})
For detailed documentation on how each function works and the options that are accepted, please visit the official Helmet website.
The creator and maintainer of Helmet Prehandler is Stuart Kennedy.
Helmet is maintained by a team of contributors.