Skip to content
This repository has been archived by the owner. It is now read-only.

General purpose I/O module to add following http headers to keep your webpages securing them from malware attacks. This module can be used with any node http server.

develop
Go to file
Code

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
Jan 10, 2016
Jan 10, 2016
Jan 10, 2016
Jan 10, 2016
Jan 10, 2016

readme.md

Node Guard

Coverage Status License

General purpose I/O module to add following http headers to keep your webpages securing them from malware attacks. This module can be used with any node http server.

X-XSS-Protection

X-XSS-Protection http header saves you from XSS attacks. node-guard will set up X-XSS-Protection header on all modern browsers and will disable it for older versions of IE as they have security vulnerabilities defined here https://technet.microsoft.com/library/security/ms10-002.

const http = require('http')
const guard = require('node-guard')
const options = {
  enabled: true,
  enableOnOldIE: false
}

http.createServer(function (req, res) {
  guard.addXssFilter(req, res, options)
  res.end()
}).listen(3000)

X-Frame-Options

X-Frame-Options defines whether your webpage can be embedded as an iframe to other website. It can take 3 different values from ALLOW-FROM, DENY and SAMEORIGIN

const http = require('http')
const guard = require('node-guard')
const options = 'DENY' // cannot be embedded at all
// or
const options = 'SAMEORIGIN' // only this website
// or
const options = 'ALLOW-FROM http://example.com' // defined uri

http.createServer(function (req, res) {
  guard.addFrameOptions(res, options)
  res.end()
}).listen(3000)

X-Content-Type-Options

X-Content-Type-Options disables sniffing from web browsers, where they will try to sniff mimetypes. Which means a web browser will execute the javascript file even if the content-type of that file is not set to javascript. Give it a read https://miki.it/blog/2014/7/8/abusing-jsonp-with-rosetta-flash/

const http = require('http')
const guard = require('node-guard')
const options = true // or false

http.createServer(function (req, res) {
  guard.addNoSniff(res, options)
  res.end()
}).listen(3000)

X-Download-Options

IE specific header to stop users from executing html files with the access to your site context. Here is a good read on same https://blogs.msdn.microsoft.com/ie/2008/07/02/ie8-security-part-v-comprehensive-protection/.

const http = require('http')
const guard = require('node-guard')
const options = true // or false

http.createServer(function (req, res) {
  guard.addNoOpen(res, options)
  res.end()
}).listen(3000)

About

General purpose I/O module to add following http headers to keep your webpages securing them from malware attacks. This module can be used with any node http server.

Resources

Releases

No releases published

Packages

No packages published
You can’t perform that action at this time.