Supported Frameworks¶
Framework Agnostic¶
secureHeaders.headers()
Example:
// Opt in to the optional header groups. `csp` and `feature` presumably switch on the
// Content-Security-Policy and Feature-Policy entries seen in the return value below.
const secureHeaders = new blockade.SecureHeaders({ csp: true, feature: true });
// headers() hands back a plain object of header names and values (see the return
// value below); writing each entry onto the response is left to the caller.
const headerMap = secureHeaders.headers();
return headerMap;
Return Value:
// Header map returned by secureHeaders.headers() for the example above (values as printed on this page).
{
// max-age=63072000 is two years; browsers only honour this header when it arrives over HTTPS.
'Strict-Transport-Security': 'max-age=63072000; includeSubdomains',
'X-Frame-Options': 'SAMEORIGIN',
// Legacy header: most current browsers no longer ship the XSS filter it controlled,
// so do not count it as an XSS defence.
'X-XSS-Protection': '1; mode=block',
'X-Content-Type-Options': 'nosniff',
// This policy restricts only script and object sources; with no default-src, other
// resource types (styles, images, frames, connections) are left unrestricted.
'Content-Security-Policy': "script-src 'self'; object-src 'self'",
// Comma-separated fallback list: a browser applies the last policy it recognises.
'Referrer-Policy': 'no-referrer, strict-origin-when-cross-origin',
// Pragma, Expires and Cache-control together tell clients and proxies not to store the
// response; applied to every route, that also covers static assets.
Pragma: 'no-cache',
Expires: '0',
'Cache-control': 'no-cache, no-store, must-revalidate, max-age=0',
// Feature-Policy has since been renamed Permissions-Policy, which uses a different
// value syntax; check current browser support before relying on this header.
'Feature-Policy':
"accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'none'; usb 'none'; vr 'none'"
}
AdonisJs¶
Headers¶
secureHeaders.adonis(response)
Example:
const blockade = require("blockade");

// One SecureHeaders instance, created at load time, serves every request.
const secureHeaders = new blockade.SecureHeaders();

/**
 * AdonisJs middleware that applies the blockade security headers.
 * Only routes that actually run this middleware get the headers, so register
 * it where it covers every response that needs them.
 */
class Blockade {
  /**
   * @param {object} ctx - HTTP context; only `ctx.response` is used.
   * @param {Function} next - resumes the middleware chain.
   */
  async handle(ctx, next) {
    // Headers are written before the rest of the chain runs.
    secureHeaders.adonis(ctx.response);
    await next();
  }
}

module.exports = Blockade;
Cookies¶
secureCookie.adonis(response, name, value)
Example:
const blockade = require("blockade");

// Built with default options; this page does not show which cookie attributes
// they produce, so check the emitted Set-Cookie header (Secure, HttpOnly, SameSite).
const secureCookie = new blockade.SecureCookie();

// . . .

Route.get("/blockade", (ctx) => {
  const { response } = ctx;
  // "foo" / "bar" are placeholder name and value; the cookie is set before the body is sent.
  secureCookie.adonis(response, "foo", "bar");
  response.send("Blockade");
});

// . . .
Express¶
Headers¶
secureHeaders.express(res)
Example:
const express = require("express");
const blockade = require("blockade");

const app = express();
const port = 3000;
const secureHeaders = new blockade.SecureHeaders();

// . . .

/** Express middleware: add the blockade security headers, then continue. */
const applySecureHeaders = (req, res, next) => {
  secureHeaders.express(res);
  next();
};

// Express runs middleware in registration order, so mount this ahead of the
// routes and static handlers whose responses should carry the headers.
app.use(applySecureHeaders);

// . . .
Cookies¶
secureCookie.express(res, name, value)
Example:
const express = require("express");
const blockade = require("blockade");

const app = express();
const port = 3000;
// Default options; verify the resulting Set-Cookie attributes (Secure, HttpOnly,
// SameSite) in the response, as this page does not list them.
const secureCookie = new blockade.SecureCookie();

// . . .

app.get("/blockade", (req, res) => {
  // Placeholder name/value; the cookie must be set before the response is sent.
  secureCookie.express(res, "foo", "bar");
  res.send("blockade");
});

// . . .
Fastify¶
Headers¶
secureHeaders.fastify(reply)
Example:
const fastify = require("fastify")();
const blockade = require("blockade");

const secureHeaders = new blockade.SecureHeaders();

// . . .

/** Fastify hook: add the blockade security headers to the reply. */
async function applySecureHeaders(request, reply) {
  secureHeaders.fastify(reply);
}

// NOTE(review): preHandler comes after parsing and validation in Fastify's request
// lifecycle, so a reply produced earlier (e.g. a body-parse or schema-validation
// error) does not pass through this hook; an earlier hook such as onRequest covers those.
fastify.addHook("preHandler", applySecureHeaders);

// . . .
Cookies¶
secureCookie.fastify(reply, name, value)
Example:
const fastify = require("fastify")();
const blockade = require("blockade");

// Default options; the cookie attributes they yield are not shown on this page.
const secureCookie = new blockade.SecureCookie();

// . . .

fastify.get("/", (request, reply) => {
  // Placeholder name/value, set before the payload is sent.
  secureCookie.fastify(reply, "foo", "bar");
  reply.send({ blockade: true });
});

// . . .
hapi¶
Headers¶
secureHeaders.hapi(response)
Example:
// NOTE(review): the unscoped "hapi" package is deprecated; maintained releases are
// published as "@hapi/hapi". Confirm which one the project installs.
const Hapi = require("hapi");
const blockade = require("blockade");

const secureHeaders = new blockade.SecureHeaders();

// . . .

// onPreResponse runs for every response just before it is sent.
server.ext("onPreResponse", (request, h) => {
  const { response } = request;
  // NOTE(review): when a handler fails, request.response is a Boom error object
  // rather than a regular response; confirm secureHeaders.hapi() handles that
  // case so error responses also carry the headers.
  secureHeaders.hapi(response);
  return response;
});

// . . .
Cookies¶
secureCookie.hapi(h, name, value)
Example:
// NOTE(review): the unscoped "hapi" package is deprecated; maintained releases are
// published as "@hapi/hapi". Confirm which one the project installs.
const Hapi = require("hapi");
const blockade = require("blockade");

// Default options; check the emitted Set-Cookie attributes, which this page does not list.
const secureCookie = new blockade.SecureCookie();

// . . .

server.route({
  method: "GET",
  path: "/blockade",
  handler(request, h) {
    // The cookie is registered on the response toolkit `h`, not on a response object.
    secureCookie.hapi(h, "foo", "bar");
    return h.response("blockade");
  },
});

// . . .
Koa¶
Headers¶
secureHeaders.koa(ctx)
Example:
const Koa = require("koa");
const blockade = require("blockade");

const secureHeaders = new blockade.SecureHeaders();

// . . .

/**
 * Koa middleware: let downstream middleware run, then add the security headers.
 * Because the headers are written after `next()` resolves, a downstream error
 * skips the call and that response goes out without them.
 */
async function applySecureHeaders(ctx, next) {
  await next();
  secureHeaders.koa(ctx);
}

app.use(applySecureHeaders);

// . . .
Cookies¶
secureCookie.koa(ctx, name, value)
Example:
const Koa = require("koa");
const blockade = require("blockade");

const app = new Koa();
// Default options; the cookie attributes they produce are not shown on this page,
// so inspect the Set-Cookie header (Secure, HttpOnly, SameSite) when testing.
const secureCookie = new blockade.SecureCookie();

// . . .

app.use(async (ctx) => {
  ctx.body = "Blockade";
  // Placeholder name/value.
  secureCookie.koa(ctx, "foo", "bar");
});

// . . .
Meteor¶
Headers¶
secureHeaders.meteor(res)
Example:
import { Meteor } from "meteor/meteor";
import { SecureHeaders } from "blockade";

const secureHeaders = new SecureHeaders({});

// NOTE(review): WebApp is not imported in this snippet; it presumably relies on
// Meteor's package global. Confirm, or import it from "meteor/webapp".
const connectHandler = WebApp.connectHandlers;

Meteor.startup(() => {
  // Connect-style middleware: add the headers, then pass the request on.
  connectHandler.use((req, res, next) => {
    secureHeaders.meteor(res);
    return next();
  });
});

// . . .
Cookies¶
Meteor does not support cookies natively; please see https://atmospherejs.com/?q=cookie for cookie support packages.
Nest¶
Headers¶
secureHeaders.nest(res)
Example:
import { SecureHeaders } from 'blockade';

// Shared instance, created once when the module loads.
const secureHeaders = new SecureHeaders({});

/**
 * Functional middleware: add the blockade security headers, then continue.
 * It only affects routes it is applied to, so apply it wherever responses
 * need the headers.
 */
export const blockade = (req, res, next) => {
  secureHeaders.nest(res);
  next();
};
Cookies¶
secureCookie.nest(res, name, value)
Example:
import { Controller, Get, Post, Res, HttpStatus } from '@nestjs/common';
import { AppService } from './app.service';
// SameSite is imported but not used in this example; presumably it is meant for
// the SecureCookie options (confirm against the blockade API).
import { SecureCookie, SameSite } from 'blockade';

// Empty options object; the resulting cookie attributes are not shown on this page.
const secureCookie = new SecureCookie({});

@Controller()
export class AppController {
  constructor(private readonly appService: AppService) {}

  /**
   * GET /blockade: sets the placeholder cookie "foo"="bar", then replies with
   * an empty JSON array. The injected `res` is used to send the reply directly.
   */
  @Get('blockade')
  getHello(@Res() res): string {
    secureCookie.nest(res, 'foo', 'bar');
    const reply = res.status(HttpStatus.OK).json([]);
    return reply;
  }
}
Polka¶
Headers¶
secureHeaders.polka(res)
Example:
const polka = require("polka");
const blockade = require("blockade");

const secureHeaders = new blockade.SecureHeaders();

/** Polka middleware: add the blockade security headers, then continue. */
const headers = (req, res, next) => {
  secureHeaders.polka(res);
  next();
};

/** Listen callback: rethrow a startup error, otherwise log the address. */
const onListen = (err) => {
  if (err) throw err;
  console.log(`> Running on localhost:3000`);
};

polka()
  // Mounted ahead of the route so the route's response carries the headers.
  .use(headers)
  .get("/", (req, res) => {
    res.end(`Blockade`);
  })
  .listen(3000, onListen);
Cookies¶
secureCookie.polka(res, name, value)
Example:
const polka = require("polka");
const blockade = require("blockade");

// Default options; check the emitted Set-Cookie attributes, which this page does not list.
const secureCookie = new blockade.SecureCookie();

/** Listen callback: rethrow a startup error, otherwise log the address. */
const onListen = (err) => {
  if (err) throw err;
  console.log(`> Running on localhost:3000`);
};

polka()
  .get("/", (req, res) => {
    // Placeholder name/value, set before the response is ended.
    secureCookie.polka(res, "foo", "bar");
    res.end(`Blockade`);
  })
  .listen(3000, onListen);
restify¶
Headers¶
secureHeaders.restify(res)
Example:
const restify = require("restify");
const blockade = require("blockade");

const secureHeaders = new blockade.SecureHeaders();

/** Route handler: send the body, then continue the chain. */
const respond = (req, res, next) => {
  res.send("Blockade");
  next();
};

/** Handler that adds the blockade security headers, then continues. */
const headers = (req, res, next) => {
  secureHeaders.restify(res);
  next();
};

// . . .

const server = restify.createServer();
// pre() handlers run before routing, so the headers are applied ahead of any route handler.
server.pre(headers);
server.get("/", respond);
Cookies¶
secureCookie.restify(res, name, value)
Example:
const restify = require("restify");
const blockade = require("blockade");

// Default options; the cookie attributes they produce are not shown on this page.
const secureCookie = new blockade.SecureCookie();

/** Route handler: set the placeholder cookie, send the body, continue. */
const respond = (req, res, next) => {
  secureCookie.restify(res, "foo", "bar");
  res.send("Blockade");
  next();
};

// . . .

const server = restify.createServer();
server.get("/", respond);
Sails¶
Headers¶
secureHeaders.sails(res)
Example:
const blockade = require("blockade");

const secureHeaders = new blockade.SecureHeaders();

module.exports.http = {
  middleware: {
    // NOTE(review): `order` lists the HTTP middleware stack. This example names only
    // "blockade"; in a real configuration keep the existing entries and place
    // "blockade" ahead of the ones that send responses.
    order: ["blockade"],

    /** Add the blockade security headers, then continue. */
    blockade(req, res, next) {
      secureHeaders.sails(res);
      return next();
    },
  },
};
Cookies¶
secureCookie.sails(res, name, value)
Example:
const blockade = require("blockade");

// Default options; check the emitted Set-Cookie attributes, which this page does not list.
const secureCookie = new blockade.SecureCookie();

module.exports = {
  /** Action: set the placeholder cookie "foo"="bar", then send the body. */
  blockade(req, res) {
    secureCookie.sails(res, "foo", "bar");
    return res.send("Blockade");
  },
};
Total.js¶
Headers¶
secureHeaders.total(response)
Example:
const blockade = require("blockade");

const secureHeaders = new blockade.SecureHeaders();

// Registers the route; view_index is a hoisted function declaration.
exports.install = () => {
  ROUTE("/", view_index);
};

/**
 * Route action for "/". The object the action is invoked on (`this`) is what the
 * example passes to blockade as the response.
 */
function view_index() {
  const response = this;
  // Headers are added before the view is rendered.
  secureHeaders.total(response);
  response.view("index");
}
Cookies¶
secureCookie.total(response, name, value)
Example:
const blockade = require("blockade");

// Default options; the cookie attributes they produce are not shown on this page.
const secureCookie = new blockade.SecureCookie();

// Registers the route; view_index is a hoisted function declaration.
exports.install = () => {
  ROUTE("/", view_index);
};

/**
 * Route action for "/". The object the action is invoked on (`this`) is what the
 * example passes to blockade as the response.
 */
function view_index() {
  const response = this;
  // Placeholder name/value, set before the view is rendered.
  secureCookie.total(response, "foo", "bar");
  response.view("index");
}