Fastify plugin for HTTP Strict Transport Security
You may know hsts as the HSTS middleware used in helmet, and you can also use it as a middleware in Fastify. So why did I make this plugin?
You may find the reason in the benchmark results, and I hope you like it. :)
This plugin has passed all hsts test cases. But there are some differences from it:
- Will use the default value if there is no maxAge option or it's invalid.
- Will ignore setIf if it's not a function.
Via npm:
```
npm i fastify-hsts
```
Via yarn:
```
yarn add fastify-hsts
```
```javascript
const fastify = require('fastify');
const fastifyHsts = require('fastify-hsts');

const app = fastify();

app.register(fastifyHsts, {
  // Your options
});

app.listen(3000, err => {
  if (err) throw err;
});
```
This plugin has the same options as the middleware in helmet.
Set max-age in header. Default is 15552000, which means 180 days in seconds. The plugin will use the default value if you pass in a non-numeric value.
Set includeSubDomains value in header. Default is true. You can find more information here for this value.
Alias to includeSubDomains.
Set preload value in header. Default is false. You can find more information here for this value.
This plugin will always set the header since the header is ignored in insecure HTTP. But if you wish to set it conditionally, you could use this.
```javascript
app.register(fastifyHsts, {
  setIf: (request, reply) => {
    // request is the fastify request instance
    // reply is the fastify reply instance
    // should return a truthy value for setting header
  }
});
```
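The option rules above, written out as an added sketch (not the plugin's source) so the resulting header value can be checked before deploying. The function names are hypothetical, treating a negative or non-finite maxAge as invalid is an assumption, and the preload check uses the hstspreload.org submission requirements (max-age of at least one year plus includeSubDomains), which the default maxAge does not meet.

```javascript
// Added sketch, not fastify-hsts source: resolves options as the README describes.
const DEFAULT_MAX_AGE = 15552000;     // 180 days in seconds (default stated above)
const PRELOAD_MIN_MAX_AGE = 31536000; // 1 year, minimum for hstspreload.org submission

function resolveOptions(opts = {}) {
  const { maxAge, includeSubDomains, preload, setIf } = opts;
  // Assumption: "invalid" means anything that is not a finite, non-negative number.
  const validMaxAge =
    typeof maxAge === 'number' && Number.isFinite(maxAge) && maxAge >= 0;
  return {
    maxAge: validMaxAge ? Math.round(maxAge) : DEFAULT_MAX_AGE,
    includeSubDomains: includeSubDomains === undefined ? true : Boolean(includeSubDomains),
    preload: Boolean(preload),
    // A setIf that is not a function is ignored, so the header is always set.
    setIf: typeof setIf === 'function' ? setIf : () => true,
  };
}

function headerValue(opts) {
  const o = resolveOptions(opts);
  const parts = [`max-age=${o.maxAge}`];
  if (o.includeSubDomains) parts.push('includeSubDomains');
  if (o.preload) parts.push('preload');
  return parts.join('; ');
}

// Returns the header value for this request, or null when setIf says to skip it.
function hstsFor(opts, request, reply) {
  return resolveOptions(opts).setIf(request, reply) ? headerValue(opts) : null;
}

// Flags a preload setting that would not meet the preload list requirements.
function preloadProblems(opts) {
  const o = resolveOptions(opts);
  if (!o.preload) return [];
  const problems = [];
  if (o.maxAge < PRELOAD_MIN_MAX_AGE) problems.push('max-age below one year');
  if (!o.includeSubDomains) problems.push('includeSubDomains is off');
  return problems;
}
```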
- 0.3.0
  - Use hsts test cases
- 0.2.0
  - Add test case
  - Add code coverage
  - Add benchmarks
- 0.1.0
  - Init version