Use Helmet middlewares in your Felid app to help improve security.

```bash
npm install felid-helmet
```

or

```bash
yarn add felid-helmet
```

```javascript
const Felid = require('felid')
const helmet = require('felid-helmet')

const app = new Felid()
app.plugin(helmet, options)
```

The following table lists all middlewares in Helmet and marks the ones that are enabled by default. (Data comes from Helmet's documentation.)

| Module | Default? |
|---|---|
| `contentSecurityPolicy` for setting Content Security Policy | |
| `crossdomain` for handling Adobe products' crossdomain requests | |
| `dnsPrefetchControl` controls browser DNS prefetching | ✓ |
| `expectCt` for handling Certificate Transparency | |
| `featurePolicy` to limit your site's features | |
| `frameguard` to prevent clickjacking | ✓ |
| `hidePoweredBy` to remove the X-Powered-By header | ✓ |
| `hpkp` for HTTP Public Key Pinning | |
| `hsts` for HTTP Strict Transport Security | ✓ |
| `ieNoOpen` sets X-Download-Options for IE8+ | ✓ |
| `noCache` to disable client-side caching | |
| `noSniff` to keep clients from sniffing the MIME type | ✓ |
| `referrerPolicy` to hide the Referer header | |
| `xssFilter` adds some small XSS protections | ✓ |

Pass an option to a middleware:

```javascript
// Plugins are registered with app.plugin(), as in the usage snippet above
app.plugin(helmet, {
  xssFilter: { mode: null }
})
```

Disable a default middleware:

```javascript
// false turns off a middleware that is otherwise enabled by default
app.plugin(helmet, { xssFilter: false })
```

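To enable a middleware that is not on by default, set its property to `true` (which uses the default options), or pass an options object to it.

```javascript
app.plugin(helmet, {
  expectCt: { maxAge: 123 }, // enabled with explicit options
  hpkp: true                 // enabled with default options
})
```
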
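
After changing options, it is worth confirming that the default middlewares from the table still show up in responses. The following is an added example, not code from felid-helmet or Helmet; the function name `auditHelmetDefaults`, the sample responses and the expected header values (assumed from Helmet 3.x defaults) are illustrative.

```javascript
// Added example, not felid-helmet code. Expected values are assumed from Helmet 3.x defaults.
const DEFAULT_CHECKS = {
  dnsPrefetchControl: h => h['x-dns-prefetch-control'] === 'off',
  // ALLOW-FROM is ignored by current browsers, so only these two count as protected.
  frameguard: h => /^(sameorigin|deny)$/i.test(h['x-frame-options'] || ''),
  hidePoweredBy: h => !('x-powered-by' in h),
  hsts: h => {
    const m = /(?:^|;)\s*max-age=(\d+)/i.exec(h['strict-transport-security'] || '')
    return m !== null && Number(m[1]) > 0 // max-age=0 tells browsers to drop HSTS
  },
  ieNoOpen: h => h['x-download-options'] === 'noopen',
  noSniff: h => h['x-content-type-options'] === 'nosniff',
  // Matches both "1; mode=block" and the bare "1" sent with { mode: null }.
  xssFilter: h => /^1(\s*;|$)/.test(h['x-xss-protection'] || '')
}

// headers: response headers as a plain object (any case).
// options: the object passed to the plugin; defaults set to false are skipped.
// Returns the names of default middlewares whose header is missing or weakened.
function auditHelmetDefaults (headers, options = {}) {
  const h = {}
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v).trim()
  return Object.keys(DEFAULT_CHECKS)
    .filter(name => options[name] !== false) // deliberately disabled: skip
    .filter(name => !DEFAULT_CHECKS[name](h))
}

// Constructed sample responses.
const HARDENED = {
  'X-DNS-Prefetch-Control': 'off',
  'X-Frame-Options': 'SAMEORIGIN',
  'Strict-Transport-Security': 'max-age=15552000; includeSubDomains',
  'X-Download-Options': 'noopen',
  'X-Content-Type-Options': 'nosniff',
  'X-XSS-Protection': '1'
}
const UNPROTECTED = { 'Content-Type': 'text/html', 'X-Powered-By': 'ExampleServer' }

console.log(auditHelmetDefaults(HARDENED))
console.log(auditHelmetDefaults(UNPROTECTED, { xssFilter: false }))
```

Run it against the headers of a real response (for example `res.headers` from Node's `http.get`) and pass the same options object you gave the plugin, so intentionally disabled middlewares are not reported.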
For more information, please check the official documentation of Helmet.