@fastify/helmet Logo

@fastify/helmet

0
Free
Visit Website

Important security headers for Fastify. It is a tiny wrapper around helmet. Usage: Simply require this plugin, and the basic security headers will be set. const fastify = require('fastify')() const helmet = require('@fastify/helmet') fastify.register( helmet, // Example disables the `contentSecurityPolicy` middleware but keeps the rest. { contentSecurityPolicy: false } ) fastify.listen({ port: 3000 }, err => { if (err) throw err }) How it works: @fastify/helmet is a tiny wrapper around helmet that adds an 'onRequest' hook and a reply.helmet decorator. It accepts the same options as helmet, and you can see more in the helmet documentation. Apply Helmet to all your application routes: By passing { global: true } into the options, @fastify/helmet allows you to register Helmet for all your application routes by default. If you want a more granular control on how to apply Helmet to your application you can choose to disable it on a global scope by passing { global: false } to the options. By default, this option is set to true. Example - enable @fastify/helmet globally: fastify.register(helmet) // or fastify.register(helmet, { global: true })

FEATURES

ALTERNATIVES

FingerprintJS is a client-side browser fingerprinting library that provides a unique visitor identifier unaffected by incognito mode.

Hack with JavaScript XSS'OR tool for encoding/decoding and various XSS related functionalities.

A free online tool to scan for DOM-based XSS vulnerabilities in HTML, JavaScript, and CSS files.

A honeypot trap for Symfony2 forms to reduce spam submissions.

WackoPicko is a vulnerable website with known vulnerabilities, now available as a Docker image and included in the OWASP Broken Web Applications Project.

A free book providing design and implementation guidelines for writing secure programs in various languages.

FlowDroid is a context-, flow-, field-, object-sensitive and lifecycle-aware static taint analysis tool for Android applications.

IronBee is an open source project building a universal web application security sensor.