diff --git a/packages/express/README.md b/packages/express/README.md
index ec73ae73a..8a7e09a35 100644
--- a/packages/express/README.md
+++ b/packages/express/README.md
@@ -35,6 +35,7 @@ You may use either `hops serve -p` or its equivalent `NODE_ENV=production hops s
 | `port` | `String` | `[PORT]` | _no_ | Specify the Port that Hops should listen on |
 | `distDir` | `String` | `'/dist'` | _no_ | The folder from which to serve static assets |
 | `gracePeriod` | `number` | `30000` | _no_ | Time to wait (in ms) until killing the server |
+| `helmetConfig` | `Object` | `{}` | _no_ | Headers to set or overwrite in helmet |

 ##### `https`

@@ -91,6 +92,10 @@ The amount of time (in milliseconds) to wait after receiving a [`SIGTERM`](https
 }
 ```

+##### `helmetConfig`
+
+The config to set security http headers via [helmet](https://helmetjs.github.io/).
+
 #### Render Options

 This preset has no runtime configuration options.
diff --git a/packages/express/mixins/mixin.core.js b/packages/express/mixins/mixin.core.js
index ee6ebd234..152a126d1 100644
--- a/packages/express/mixins/mixin.core.js
+++ b/packages/express/mixins/mixin.core.js
@@ -37,9 +37,9 @@ class ExpressMixin extends Mixin {
 const express = require('express');
 const mime = require('mime');
 const cookieParser = require('cookie-parser');
- const { distDir } = this.config;
+ const { distDir, helmetConfig = {} } = this.config;
 middlewares.preinitial.push(
- helmet({ contentSecurityPolicy: false }),
+ helmet({ contentSecurityPolicy: false, ...helmetConfig }),
 cookieParser()
 );
 middlewares.files.push(
diff --git a/packages/express/preset.js b/packages/express/preset.js
index 63edcfb6e..12a1ca088 100644
--- a/packages/express/preset.js
+++ b/packages/express/preset.js
@@ -26,5 +26,8 @@ module.exports = {
 port: { oneOf: [{ type: 'string' }, { type: 'number' }] },
 distDir: { type: 'string', minLength: 1, absolutePath: true },
 gracePeriod: { type: 'number' },
+ helmetConfig: {
+ type: 'object',
+ },
 },
 };
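Review bot: In packages/express/mixins/mixin.core.js, the spread in `helmet({ contentSecurityPolicy: false, ...helmetConfig })` lets the config switch helmet protections off as well as on (for example `frameguard: false`), and nothing at the call records that CSP stays disabled unless `helmetConfig.contentSecurityPolicy` is supplied. I would add a comment above the call, e.g. `// CSP is off by default; helmetConfig is passed to helmet() as options and can enable CSP or disable other protections`. The README row calls the value "Headers to set or overwrite", but what is spread here is helmet's options object rather than raw headers, so the wording should probably be aligned. The enclosing method starts and ends outside the hunk.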
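Review bot: In packages/express/preset.js, `helmetConfig: { type: 'object' }` accepts any keys and values, so a misspelled option name passes schema validation and is forwarded to helmet unchanged; whether helmet then rejects or ignores it is not visible from this diff. Because this object decides which security headers are sent, the schema entry should at least carry a comment stating that, such as `// forwarded verbatim to helmet(); option names are not validated here`. The schema object begins outside the hunk.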