Merge pull request #86 from gpinto67/gpinto/Cross-Origin-Headers
feat(issue#85): add support for cross-origin headers
venables authored Nov 12, 2024
2 parents eebe047 + 05b4a96 commit 47a6c69
Showing 2 changed files with 25 additions and 1 deletion.
5 changes: 4 additions & 1 deletion koa-helmet.d.ts
@@ -8,7 +8,7 @@
import helmet from 'helmet';
import { Middleware, Context } from 'koa';

type HelmetOptions = Required<Parameters<typeof helmet>>[0];
type HelmetOptions = helmet.HelmetOptions;

declare namespace koaHelmet {
type KoaHelmetContentSecurityPolicyDirectiveFunction = (req?: Context["req"], res?: Context["res"]) => string;
@@ -50,6 +50,9 @@ declare namespace koaHelmet {
interface KoaHelmet {
(options?: HelmetOptions): Middleware;
contentSecurityPolicy(options?: KoaHelmetContentSecurityPolicyConfiguration): Middleware;
crossOriginEmbedderPolicy(options?: HelmetOptions['crossOriginEmbedderPolicy']): Middleware;
crossOriginOpenerPolicy(options?: HelmetOptions['crossOriginOpenerPolicy']): Middleware;
crossOriginResourcePolicy(options?: HelmetOptions['crossOriginResourcePolicy']): Middleware;
dnsPrefetchControl(options?: HelmetOptions['dnsPrefetchControl']): Middleware;
expectCt(options?: HelmetOptions['expectCt']): Middleware;
frameguard(options?: HelmetOptions['frameguard']): Middleware;
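Review bot: The three new signatures (`crossOriginEmbedderPolicy`, `crossOriginOpenerPolicy`, `crossOriginResourcePolicy`) take `HelmetOptions['…']`, which in the helmet typings I am aware of is the options object unioned with `boolean`; if that holds for the pinned version, `helmet.crossOriginEmbedderPolicy(false)` type-checks even though a standalone middleware presumably has no "disabled" mode and would still emit the header. Narrowing the parameter, e.g. `crossOriginEmbedderPolicy(options?: Exclude<HelmetOptions['crossOriginEmbedderPolicy'], boolean>): Middleware;`, would stop callers from believing they switched a header off. The neighbouring declarations use the same indexed-access pattern, so this may be better applied to the whole interface. The `KoaHelmet` interface continues outside the hunk.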
21 changes: 21 additions & 0 deletions test/koa-helmet.spec.js
@@ -19,6 +19,15 @@ test('it works with the default helmet call', t => {
// contentSecurityPolicy
.expect('Content-Security-Policy', 'default-src \'self\';base-uri \'self\';font-src \'self\' https: data:;form-action \'self\';frame-ancestors \'self\';img-src \'self\' data:;object-src \'none\';script-src \'self\';script-src-attr \'none\';style-src \'self\' https: \'unsafe-inline\';upgrade-insecure-requests')

// crossOriginEmbedderPolicy
.expect('Cross-Origin-Embedder-Policy', 'require-corp')

// crossOriginOpenerPolicy
.expect('Cross-Origin-Opener-Policy', 'same-origin')

// crossOriginResourcePolicy
.expect('Cross-Origin-Resource-Policy', 'same-origin')

// dnsPrefetchControl
.expect('X-DNS-Prefetch-Control', 'off')

@@ -59,6 +68,9 @@ test('it sets individual headers properly', t => {
})
);
app.use(helmet.contentSecurityPolicy());
app.use(helmet.crossOriginEmbedderPolicy());
app.use(helmet.crossOriginOpenerPolicy());
app.use(helmet.crossOriginResourcePolicy());
app.use(
helmet.dnsPrefetchControl({
allow: false,
@@ -82,6 +94,15 @@ test('it sets individual headers properly', t => {
// contentSecurityPolicy
.expect('Content-Security-Policy', 'default-src \'self\';base-uri \'self\';font-src \'self\' https: data:;form-action \'self\';frame-ancestors \'self\';img-src \'self\' data:;object-src \'none\';script-src \'self\';script-src-attr \'none\';style-src \'self\' https: \'unsafe-inline\';upgrade-insecure-requests')

// crossOriginEmbedderPolicy
.expect('Cross-Origin-Embedder-Policy', 'require-corp')

// crossOriginOpenerPolicy
.expect('Cross-Origin-Opener-Policy', 'same-origin')

// crossOriginResourcePolicy
.expect('Cross-Origin-Resource-Policy', 'same-origin')

// dnsPrefetchControl
.expect('X-DNS-Prefetch-Control', 'off')
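Review bot: In 'it sets individual headers properly' the three new middlewares are mounted with no arguments, so the added expectations only repeat the defaults already asserted in the first test and never show that options reach helmet through the Koa wrapper. Passing one non-default value, in the way the neighbouring `dnsPrefetchControl` call passes an options object, would cover that path: `app.use(helmet.crossOriginResourcePolicy({ policy: 'same-site' }));` with `.expect('Cross-Origin-Resource-Policy', 'same-site')`. Deployments that must adjust these headers for cross-origin embeds rely on option pass-through, so it is worth pinning in a test. Both test bodies continue outside the visible hunks.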

