index.js
2.18 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
var deprecate = require('depd')('helmet')
var DEFAULT_MIDDLEWARE = [
'dnsPrefetchControl',
'frameguard',
'hidePoweredBy',
'hsts',
'ieNoOpen',
'noSniff',
'xssFilter'
]
var middlewares
function helmet (options) {
options = options || {}
if (options.constructor.name === 'IncomingMessage') {
throw new Error('It appears you have done something like `app.use(helmet)`, but it should be `app.use(helmet())`.')
}
var stack = middlewares.reduce(function (result, middlewareName) {
var middleware = helmet[middlewareName]
var middlewareOptions = options[middlewareName]
var isDefault = DEFAULT_MIDDLEWARE.indexOf(middlewareName) !== -1
if (middlewareOptions === false) {
return result
} else if (middlewareOptions === true) {
middlewareOptions = {}
}
if (middlewareOptions != null) {
return result.concat(middleware(middlewareOptions))
} else if (isDefault) {
return result.concat(middleware({}))
}
return result
}, [])
return function helmet (req, res, next) {
var index = 0
function internalNext () {
if (arguments.length > 0) { return next.apply(null, arguments) }
var middleware = stack[index]
if (!middleware) { return next() }
index++
middleware(req, res, internalNext)
}
internalNext()
}
}
helmet.contentSecurityPolicy = require('helmet-csp')
helmet.dnsPrefetchControl = require('dns-prefetch-control')
helmet.expectCt = require('expect-ct')
helmet.featurePolicy = require('feature-policy')
helmet.frameguard = require('frameguard')
helmet.hidePoweredBy = require('hide-powered-by')
helmet.hsts = require('hsts')
helmet.ieNoOpen = require('ienoopen')
helmet.noCache = require('nocache')
helmet.noSniff = require('dont-sniff-mimetype')
helmet.permittedCrossDomainPolicies = require('helmet-crossdomain')
helmet.referrerPolicy = require('referrer-policy')
helmet.xssFilter = require('x-xss-protection')
helmet.hpkp = deprecate.function(require('hpkp'), 'helmet.hpkp is deprecated and will be removed in helmet@4. You can use the `hpkp` module instead. For more, see https://github.com/helmetjs/helmet/issues/180.')
middlewares = Object.keys(helmet)
module.exports = helmet