Skip to main content

latest

easily add CSP and other security headers to your web application.

Works with
This package works with Bun
This package works with Cloudflare Workers
This package works with Node.js
This package works with Deno
This package works with Browsers
JSR Score
70%
Published
3 months ago (0.10.2)

HTTP Helmet

easily add CSP and other security headers to your web application.

Install

# npm
npm i @mcansh/http-helmet

Usage

basic example using hono

import crypto from "node:crypto";

import { serve } from "@hono/node-server";
import { Hono } from "hono";
import { createSecureHeaders } from "@mcansh/http-helmet";

const app = new Hono();

let html = String.raw;

app.get("/", () => {
  let nonce = crypto.randomBytes(16).toString("base64");

  let headers = createSecureHeaders({
    "Content-Security-Policy": {
      defaultSrc: ["'self'"],
      scriptSrc: ["'self'", `'nonce-${nonce}'`],
    },
  });

  headers.append("Content-Type", "text/html; charset=utf-8");

  return new Response(
    html`
      <!doctype html>
      <html lang="en">
        <head>
          <meta charset="UTF-8" />
          <meta
            name="viewport"
            content="width=device-width, initial-scale=1.0"
          />
          <title>Hello World</title>
        </head>
        <body>
          <h1>Hello World</h1>

          <script nonce="${nonce}">
            console.log("nonce configured");
          </script>

          <script>
            alert("nonce not configured");
          </script>
        </body>
      </html>
    `,
    { headers },
  );
});

serve(app, (info) => {
  console.log(`✅ app ready: http://${info.address}:${info.port}`);
});

Add Package

deno add @mcansh/http-helmet

Import symbol

import * as mod from "@mcansh/http-helmet";

Add Package

npx jsr add @mcansh/http-helmet

Import symbol

import * as mod from "@mcansh/http-helmet";

Add Package

yarn dlx jsr add @mcansh/http-helmet

Import symbol

import * as mod from "@mcansh/http-helmet";

Add Package

pnpm dlx jsr add @mcansh/http-helmet

Import symbol

import * as mod from "@mcansh/http-helmet";

Add Package

bunx jsr add @mcansh/http-helmet

Import symbol

import * as mod from "@mcansh/http-helmet";