UNPKG

ienoopen

Version:

Middleware to set `X-Download-Options` header for IE8 security

helmetjs.github.io/docs/ienoopen/

helmetjs/helmet

13 lines (8 loc) 798 B
1
2
3
4
5
6
7
8
9
10
11
12
13
# X-Download-Options middleware This middleware sets the `X-Download-Options` header to `noopen` to prevent Internet Explorer users from executing downloads in your site's context. ```javascript const ienoopen = require("ienoopen"); app.use(ienoopen()); ``` Some web applications will serve untrusted HTML for download. By default, some versions of IE will allow you to open those HTML files _in the context of your site_, which means that an untrusted HTML page could start doing bad things in the context of your pages. For more, see [this MSDN blog post](http://blogs.msdn.com/b/ie/archive/2008/07/02/ie8-security-part-v-comprehensive-protection.aspx). This is pretty obscure, fixing a small bug on IE only. No real drawbacks other than performance/bandwidth of setting the headers, though.