UNPKG

tezx

Version:

TezX is a high-performance, lightweight JavaScript framework designed for speed, scalability, and flexibility. It enables efficient routing, middleware management, and static file serving with minimal configuration. Fully compatible with Node.js, Deno, an

github.com/tezxjs/TezX/issues

tezxjs/TezX

79 lines (78 loc) 2.83 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
import { Context } from "../core/context.js"; import { Middleware } from "../types/index.js"; export type DynamicHeaderValue = string | ((ctx: Context) => string | undefined); export type SecurityHeaderOptions = { /** * 🔵 Content Security Policy header value * @default "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline';" * @example * contentSecurityPolicy: "default-src 'none'; script-src 'self' https://trusted.cdn.com" * contentSecurityPolicy: (ctx) => ctx.isAdmin ? "default-src 'self'" : "default-src 'none'" */ contentSecurityPolicy?: DynamicHeaderValue; /** * 🟢 Whether to set X-Frame-Options header (clickjacking protection) * @default true * @example * frameGuard: true // Always enable * frameGuard: (ctx) => !ctx.pathname.startsWith('/embed/') // Disable for embed routes */ frameGuard?: boolean | ((ctx: Context) => boolean); /** * 🟣 HTTP Strict Transport Security (HSTS) header * @default true * @example * hsts: true // Enable with 2 year duration * hsts: (ctx) => ctx.secure // Enable only for HTTPS */ hsts?: boolean | ((ctx: Context) => boolean); /** * 🟠 XSS Protection header * @default true * @example * xssProtection: false // Disable legacy XSS filter */ xssProtection?: boolean | ((ctx: Context) => boolean); /** * 🟡 X-Content-Type-Options header (MIME sniffing prevention) * @default true * @example * noSniff: false // Only disable if you have specific needs */ noSniff?: boolean | ((ctx: Context) => boolean); /** * 🔴 Referrer Policy header * @default "no-referrer" * @example * referrerPolicy: "strict-origin-when-cross-origin" */ referrerPolicy?: DynamicHeaderValue; /** * 🟤 Permissions Policy header (formerly Feature Policy) * @default "geolocation=(), microphone=(), camera=()" * @example * permissionsPolicy: "geolocation=(self 'https://example.com')" */ permissionsPolicy?: DynamicHeaderValue; }; /** * 🛡️ Comprehensive security headers middleware * * Sets multiple security-related HTTP headers with dynamic configuration. * All headers can be configured per-request using functions. * * @param {SecurityHeaderOptions} [options={}] - Configuration options * @returns {Middleware} Middleware function * * @example * // Basic usage with defaults * app.use(secureHeaders()); * * // Custom configuration * app.use(secureHeaders({ * contentSecurityPolicy: "default-src 'self'", * frameGuard: (ctx) => !ctx.isEmbedded, * referrerPolicy: "strict-origin-when-cross-origin" * })); */ export declare const secureHeaders: (options?: SecurityHeaderOptions) => Middleware;