-
Notifications
You must be signed in to change notification settings - Fork 367
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Adding Origin-Agent-Cluster #286
Adding Origin-Agent-Cluster #286
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you very much for doing this! It looks great but needs a few small changes.
CHANGELOG.md
Outdated
@@ -1,5 +1,11 @@ | |||
# Changelog | |||
|
|||
## 4.3.2 - 2021-01-17 |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Could you change this heading to "unreleased"?
README.md
Outdated
@@ -45,6 +45,7 @@ app.use(helmet.noSniff()); | |||
app.use(helmet.permittedCrossDomainPolicies()); | |||
app.use(helmet.referrerPolicy()); | |||
app.use(helmet.xssFilter()); | |||
app.use(helmet.originAgentCluster()); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please remove this line because it's not enabled by default.
CHANGELOG.md
Outdated
|
||
### Added | ||
|
||
- `helmet.originAgentCluster`: disabled by default, set `true` enables it |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Please change this to:
- `helmet.originAgentCluster`: disabled by default, set `true` enables it | |
- `helmet.originAgentCluster`: a new middleware for the `Origin-Agent-Cluster` middleware, disabled by default |
README.md
Outdated
<details> | ||
<summary><code>helmet.originAgentCluster()</code></summary> | ||
|
||
`helmet.originAgentCluster` The Origin-Agent-Cluster header provides a mechanism to allow web applications to isolate their origins. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
`helmet.originAgentCluster` The Origin-Agent-Cluster header provides a mechanism to allow web applications to isolate their origins. | |
`helmet.originAgentCluster` sets the `Origin-Agent-Cluster` header, which provides a mechanism to allow web applications to isolate their origins. Read more about it [in the spec](https://whatpr.org/html/6214/origin.html#origin-keyed-agent-clusters). |
index.ts
Outdated
) | ||
) { | ||
throw new Error( | ||
"Helmet no longer supports `true` as a middleware option, exception is Origin-Agent-Cluster. Remove the property from your options to fix this error." |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
"Helmet no longer supports `true` as a middleware option, exception is Origin-Agent-Cluster. Remove the property from your options to fix this error." | |
"Helmet no longer supports `true` as a middleware option, except for Origin-Agent-Cluster. Remove the property from your options to fix this error." |
@EvanHahn |
Thank you so much! I've made some small cleanups in #287 and will deploy soon. |
This has been published in Feel free to add yourself to the contributors list, or let me know your name and URL and I can do it. |
Related to #275