Pluggable X-XSS-Protection header functionality for turbo-http based servers
const xxss = require('@turbo-tools/x-xss')
Does set the X-XSS-Protection
header. A report uri can be set to that gets
called on violations.
For more information on the X-XSS-Protection header and report formats, please consult the MDN page
const xxss = require('@turbo-tools/x-xss')
xxss(response)
const http = require('turbo-http')
const xxss = require('@turbo-tools/x-xss')
// Create server
const server = http.createServer(function (req, res) {
const text = 'X-XSS protection set'
xxss(response, 'https://my-domain.org/xss-report')
res.statusCode = 200
res.setHeader('Content-Length', text.length)
res.write(Buffer.from(text))
})
// Listen
server.listen(3000)
npm install @turbo-tools/x-xss --save
All tests are contained in the test.js file, and written using Jest
Run them:
npm test
If you´d like to get the coverage data in addition to runnign the tests, use:
npm run test-coverage
- NPM - Dependency Management
- Commitizen - Easy semantic commit messages
- Jest - Easy tests
- Semantic Release - Easy software releases
Please read CONTRIBUTING.md for details on the process for submitting pull requests to us, and CODE_OF_CONDUCT.md for details on the code of conduct.
We use SemVer for versioning. For the versions available, see the tags on this repository.
- Sebastian Golasch - Initial work - asciidisco
See also the list of contributors who participated in this project.
This project is licensed under the MIT License - see the LICENSE.md file for details
- Hat tip to @mafintosh for building turbo-net and turbo-http