UNPKG

helmet/index.js

Version:

2.42 kBJavaScriptView Raw

1var deprecate = require('depd')('helmet')
2
3var DEFAULT_MIDDLEWARE = [
4  'dnsPrefetchControl',
5  'frameguard',
6  'hidePoweredBy',
7  'hsts',
8  'ieNoOpen',
9  'noSniff',
10  'xssFilter'
11]
12
13var middlewares
14function helmet (options) {
15  options = options || {}
16
17  if (options.constructor.name === 'IncomingMessage') {
18    throw new Error('It appears you have done something like `app.use(helmet)`, but it should be `app.use(helmet())`.')
19  }
20
21  var stack = middlewares.reduce(function (result, middlewareName) {
22    var middleware = helmet[middlewareName]
23    var middlewareOptions = options[middlewareName]
24    var isDefault = DEFAULT_MIDDLEWARE.indexOf(middlewareName) !== -1
25
26    if (middlewareOptions === false) {
27      return result
28    } else if (middlewareOptions === true) {
29      middlewareOptions = {}
30    }
31
32    if (middlewareOptions != null) {
33      return result.concat(middleware(middlewareOptions))
34    } else if (isDefault) {
35      return result.concat(middleware({}))
36    }
37    return result
38  }, [])
39
40  return function helmet (req, res, next) {
41    var index = 0
42
43    function internalNext () {
44      if (arguments.length > 0) { return next.apply(null, arguments) }
45
46      var middleware = stack[index]
47      if (!middleware) { return next() }
48
49      index++
50
51      middleware(req, res, internalNext)
52    }
53
54    internalNext()
55  }
56}
57
58helmet.contentSecurityPolicy = require('helmet-csp')
59helmet.dnsPrefetchControl = require('dns-prefetch-control')
60helmet.expectCt = require('expect-ct')
61helmet.featurePolicy = require('feature-policy')
62helmet.frameguard = require('frameguard')
63helmet.hidePoweredBy = require('hide-powered-by')
64helmet.hsts = require('hsts')
65helmet.ieNoOpen = require('ienoopen')
66helmet.noSniff = require('dont-sniff-mimetype')
67helmet.permittedCrossDomainPolicies = require('helmet-crossdomain')
68helmet.referrerPolicy = require('referrer-policy')
69helmet.xssFilter = require('x-xss-protection')
70
71helmet.hpkp = deprecate.function(require('hpkp'), 'helmet.hpkp is deprecated and will be removed in helmet@4. You can use the `hpkp` module instead. For more, see https://github.com/helmetjs/helmet/issues/180.')
72helmet.noCache = deprecate.function(require('nocache'), 'helmet.noCache is deprecated and will be removed in helmet@4. You can use the `nocache` module instead. For more, see https://github.com/helmetjs/helmet/issues/215.')
73
74middlewares = Object.keys(helmet)
75
76module.exports = helmet

1	`var deprecate = require('depd')('helmet')`
2
3	`var DEFAULT_MIDDLEWARE = [`
4	`'dnsPrefetchControl',`
5	`'frameguard',`
6	`'hidePoweredBy',`
7	`'hsts',`
8	`'ieNoOpen',`
9	`'noSniff',`
10	`'xssFilter'`
11	`]`
12
13	`var middlewares`
14	`function helmet (options) {`
15	`options = options \|\| {}`
16
17	`if (options.constructor.name === 'IncomingMessage') {`
18	throw new Error('It appears you have done something like `app.use(helmet)`, but it should be `app.use(helmet())`.')
19	`}`
20
21	`var stack = middlewares.reduce(function (result, middlewareName) {`
22	`var middleware = helmet[middlewareName]`
23	`var middlewareOptions = options[middlewareName]`
24	`var isDefault = DEFAULT_MIDDLEWARE.indexOf(middlewareName) !== -1`
25
26	`if (middlewareOptions === false) {`
27	`return result`
28	`} else if (middlewareOptions === true) {`
29	`middlewareOptions = {}`
30	`}`
31
32	`if (middlewareOptions != null) {`
33	`return result.concat(middleware(middlewareOptions))`
34	`} else if (isDefault) {`
35	`return result.concat(middleware({}))`
36	`}`
37	`return result`
38	`}, [])`
39
40	`return function helmet (req, res, next) {`
41	`var index = 0`
42
43	`function internalNext () {`
44	`if (arguments.length > 0) { return next.apply(null, arguments) }`
45
46	`var middleware = stack[index]`
47	`if (!middleware) { return next() }`
48
49	`index++`
50
51	`middleware(req, res, internalNext)`
52	`}`
53
54	`internalNext()`
55	`}`
56	`}`
57
58	`helmet.contentSecurityPolicy = require('helmet-csp')`
59	`helmet.dnsPrefetchControl = require('dns-prefetch-control')`
60	`helmet.expectCt = require('expect-ct')`
61	`helmet.featurePolicy = require('feature-policy')`
62	`helmet.frameguard = require('frameguard')`
63	`helmet.hidePoweredBy = require('hide-powered-by')`
64	`helmet.hsts = require('hsts')`
65	`helmet.ieNoOpen = require('ienoopen')`
66	`helmet.noSniff = require('dont-sniff-mimetype')`
67	`helmet.permittedCrossDomainPolicies = require('helmet-crossdomain')`
68	`helmet.referrerPolicy = require('referrer-policy')`
69	`helmet.xssFilter = require('x-xss-protection')`
70
71	helmet.hpkp = deprecate.function(require('hpkp'), 'helmet.hpkp is deprecated and will be removed in helmet@4. You can use the `hpkp` module instead. For more, see https://github.com/helmetjs/helmet/issues/180.')
72	helmet.noCache = deprecate.function(require('nocache'), 'helmet.noCache is deprecated and will be removed in helmet@4. You can use the `nocache` module instead. For more, see https://github.com/helmetjs/helmet/issues/215.')
73
74	`middlewares = Object.keys(helmet)`
75
76	`module.exports = helmet`