http-helmet
easily add CSP and other security headers to your web application.
Bot releases are visible (Hide)
Published by github-actions[bot] about 1 month ago
Patch Changes
- f0a2ee3: feat: only allow using kebab or camel case, not both
Published by github-actions[bot] about 1 month ago
Minor Changes
-
9b7cc24: feat: filter out falsy values from csp
// before createContentSecurityPolicy({ "connect-src": [undefined, "'self'", undefined].filter((x): x is string => !!x), }); // => `"connect-src 'self'"` // after createContentSecurityPolicy({ "connect-src": [undefined, "'self'", null], }); // => `"connect-src 'self'"`
Patch Changes
-
9b7cc24: apply
upgrade-insecure-requestswhen using kebab case to set itpreviously was only applying the
upgrade-insecure-requestsdirective when using camelCase (upgradeInsecureRequests)
Published by github-actions[bot] 7 months ago
Patch Changes
-
c4b0b6a: allow using kebab case keys for csp
let secureHeaders = createSecureHeaders({ "Content-Security-Policy": { "default-src": ["'self'"], "img-src": ["'self'", "data:"], }, }); -
1cee380: allow setting Content-Security-Policy-Report-Only
let secureHeaders = createSecureHeaders({ "Content-Security-Policy-Report-Only": { "default-src": ["'self'"], "img-src": ["'self'", "data:"], }, });
Published by github-actions[bot] 9 months ago
Patch Changes
- 8e1c380: bump dependencies to latest versions
- 6919888: add nonce generation, context provider, and hook for React and Remix apps
Published by github-actions[bot] 10 months ago
Patch Changes
- ba87f33: add funding to package.json
Published by github-actions[bot] 10 months ago
Minor Changes
- 7b0c887: re-export types/functions remove deprecated
strictTransportSecurityin favor of renamedcreateStrictTransportSecurity - 7d1d570: use Headers global instead of the implementation from
@remix-run/web-fetch
Patch Changes
- d439533: add mergeHeaders utility to merge your exisiting headers with the ones created by createdSecureHeaders
- 12329f8: bump dependencies to latest versions
Published by github-actions[bot] 12 months ago
Minor Changes
- 0d92a95: stop publishing
@mcansh/remix-secure-headers
Published by github-actions[bot] 12 months ago
Patch Changes
-
b9372b6: chore: add support for more headers, add check to ensure we set them
may or may not have not actually been setting COEP, COOP, CORP, X-Content-Type-Options, X-DNS-Prefetch-Control headers 😬
-
Updated dependencies [b9372b6]
- @mcansh/[email protected]
Published by github-actions[bot] 12 months ago
Patch Changes
-
b9372b6: chore: add support for more headers, add check to ensure we set them
may or may not have not actually been setting COEP, COOP, CORP, X-Content-Type-Options, X-DNS-Prefetch-Control headers 😬
Published by github-actions[bot] about 1 year ago
Patch Changes
-
7d28c52: rename repo, publish with provenance
rename github repo, add repository property to package's package.json
publish with npm provenance
update example in README
-
Updated dependencies [7d28c52]
- @mcansh/[email protected]
Published by github-actions[bot] about 1 year ago
Patch Changes
-
7d28c52: rename repo, publish with provenance
rename github repo, add repository property to package's package.json
publish with npm provenance
update example in README
Published by github-actions[bot] about 1 year ago
Minor Changes
- 095ff81: rename package as it's for more than just remix
Patch Changes
- b199901: chore: improve typing for special quoted csp sources
- Updated dependencies [aea04b9]
- Updated dependencies [095ff81]
- @mcansh/[email protected]
Published by github-actions[bot] about 1 year ago
Minor Changes
- 095ff81: rename package as it's for more than just remix
Patch Changes
- aea04b9: chore(deps): bump to latest
Published by github-actions[bot] over 1 year ago
Patch Changes
-
c54871b: feat: add support for
X-XSS-Protectionx-ref: https://github.com/mcansh/remix-secure-headers/commit/3550e1142f32eb36cf5ba5eff1e42dbd1fbabcf1
-
c54871b: chore: update X-Frame-Options description so
<frame>,<iframe>,<embed>and<object>are properly renderedx-ref: https://github.com/mcansh/remix-secure-headers/commit/5d6e5a0453dede0e067253b41dba76c318acbb71
Published by mcansh over 1 year ago
What's Changed
- fix: upgrade-insecure-requests is a boolean by @mcansh in https://github.com/mcansh/remix-secure-headers/pull/6
Full Changelog: https://github.com/mcansh/remix-secure-headers/compare/0.7.0...v0.7.1
Published by mcansh over 1 year ago
Published by mcansh over 2 years ago
Changes
- chore: update export map so remix doesn't log a warning about this potentially being an esm only package: 8b267b57343af3cf7c01a7c0754f682df1ccf64e
- chore(deps): bump to latest, switch to pnpm :d13d7a4bd0afbe4198838eeb9ebab9e407c0c2f8
- chore: update scripts: d6419c3cb3041f693650e49b2a5a3ed097f9a433
Full Changelog: https://github.com/mcansh/remix-secure-headers/compare/0.6.1...0.6.2
Published by mcansh over 2 years ago
Published by mcansh over 2 years ago
Changes
- fix: build output: 2b39f60af86cdea0f15b36c9677f61e3e7aa2bfc
- fix: make mjs build be esm: 5bd71d595d6be66baf95e9203ffc0325bc1a17ec
Full Changelog: https://github.com/mcansh/remix-secure-headers/compare/0.5.0...0.6.0
Published by mcansh over 2 years ago
Changes
- feat: add Cross-Origin-Opener-Policy header: 795d954371c4de67129a96042e78c32cdddf6cb0)
- chore: remove unused import: 0ab8d3a074b8854f082053e04dbe47681d52655b)
- chore: make COOP optional: 68f4d54df6d152d4a902b962e4738780afafed0e
Full Changelog: https://github.com/mcansh/remix-secure-headers/compare/0.4.0...0.5.0