poppinlp/fastify-hpkp

fastify-hpkp

Fastify plugin to set the Public-Key-Pins header

Why?

You may know hpkp as the HPKP middleware used in helmet, and you could also use it as a middleware in fastify. So why did I make this plugin?

You may find the reason in the benchmark results. I hope you like it. :)

Difference

This plugin passes all of the hpkp test cases, and its options are no different.

Install

Via npm:

npm i fastify-hpkp

Via yarn:

yarn add fastify-hpkp

Usage

const fastify = require('fastify');
const fastifyHpkp = require('fastify-hpkp');

const app = fastify();
app.register(fastifyHpkp, {
  maxAge: 30 * 24 * 60 * 60, // 30 days in seconds
  sha256s: ['AbCdEf123=', 'ZyXwVu456='],
  // etc.
});

app.listen(3000, err => {
  if (err) throw err;
});

Options

This plugin has the same options as the middleware in helmet. To learn more, you may check out the spec or MDN doc.

maxAge {number}

This option is required.

Set max-age in header. Should be a nonnegative number.

sha256s {array}

This option is required.

Should be an array with at least 2 SHA-256 strings (one actually used and another kept as a backup).

includeSubDomains {boolean}

Set includeSubDomains value in header. Default is false.

includeSubdomains {boolean}

Alias of includeSubDomains.

reportUri {string}

Set reportUri value in header. Default is empty.

reportOnly {boolean}

Setting this option to true changes the header from Public-Key-Pins to Public-Key-Pins-Report-Only.

setIf {function}

This plugin always sets the header by default. If you wish to set it conditionally, use this option.

app.register(fastifyHpkp, {
  setIf: (request, reply) => {
    // request is the fastify request instance
    // reply is the fastify reply instance
    // should return a truthy value for the header to be set
  }
});
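
The sha256s option expects each pin as the base64-encoded SHA-256 digest of a key's DER-encoded SubjectPublicKeyInfo (RFC 7469). The following is an added example, not code from this plugin: it derives two pins with Node's crypto module and checks them before they are passed to app.register. The helper names spkiPin, validatePins, pinHeaderValue and sampleOptions are hypothetical, and the keys are generated at run time as stand-ins for a deployed key and a backup key.

```javascript
const crypto = require('crypto');

// Pin = base64(SHA-256(DER-encoded SubjectPublicKeyInfo)), per RFC 7469.
// Accepts a KeyObject, or a PEM string holding a public or private key.
function spkiPin(key) {
  const isPublic = key instanceof crypto.KeyObject && key.type === 'public';
  const pub = isPublic ? key : crypto.createPublicKey(key);
  const der = pub.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('base64');
}

// Hypothetical pre-flight check: each pin must be canonical base64 of a
// 32-byte digest, and there must be at least two distinct pins.
function validatePins(sha256s) {
  if (!Array.isArray(sha256s)) return 'sha256s must be an array';
  for (const pin of sha256s) {
    const raw = Buffer.from(String(pin), 'base64');
    if (raw.length !== 32 || raw.toString('base64') !== pin) {
      return `not a base64 SHA-256 digest: ${pin}`;
    }
  }
  if (new Set(sha256s).size < 2) return 'need two distinct pins (live + backup)';
  return null;
}

// Header value in RFC 7469 syntax, to show what a client would receive.
function pinHeaderValue({ sha256s, maxAge, includeSubDomains, reportUri }) {
  const parts = sha256s.map((pin) => `pin-sha256="${pin}"`);
  parts.push(`max-age=${Math.round(maxAge)}`);
  if (includeSubDomains) parts.push('includeSubDomains');
  if (reportUri) parts.push(`report-uri="${reportUri}"`);
  return parts.join('; ');
}

// Constructed sample keys: generated at run time, standing in for the
// deployed key and an offline backup key.
function sampleOptions() {
  const newKey = () =>
    crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }).publicKey;
  return {
    maxAge: 30 * 24 * 60 * 60,
    sha256s: [spkiPin(newKey()), spkiPin(newKey())],
  };
}

const options = sampleOptions();
console.log(validatePins(options.sha256s) || pinHeaderValue(options));
```

The placeholder strings in the Usage snippet ('AbCdEf123=', 'ZyXwVu456=') do not decode to 32-byte digests, so validatePins reports them; real pins are 44 base64 characters.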

Changelog

  • 0.3.0
    • Use all hpkp middleware test cases
    • Update dependencies
  • 0.2.0
    • Add test case
    • Add code coverage
    • Add benchmarks
  • 0.1.0
    • Init version
