Blockade
Implement secure headers and cookies in Node.js web frameworks to enhance application security
Install / Use
/learn @TypeError/BlockadeREADME
Blockade
Blockade ⚓️ is a lightweight package that adds optional security headers and cookie attributes for Node.js web frameworks.
Security HTTP headers and cookie attributes help enhance the security of your web application by enabling built-in browser security mechanisms.
Supported Node.js web frameworks:
AdonisJs, Express, Fastify, hapi, Koa, Meteor, Nest, Polka, restify, Sails, Total.js
Install
$ npm i blockade
After installing Blockade:
const blockade = require("blockade");
const secureHeaders = new blockade.SecureHeaders();
const secureCookie = new blockade.SecureCookie();
Secure Headers
Example
secureHeaders.framework(response);
Default HTTP response headers:
Strict-Transport-Security: max-age=63072000; includeSubdomains
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Referrer-Policy: no-referrer, strict-origin-when-cross-origin
Cache-control: no-cache, no-store, must-revalidate, max-age=0
Pragma: no-cache
Expires: 0
Secure Cookie
Example
secureCookie.framework(response, "foo", "bar");
Default Set-Cookie HTTP response header:
Set-Cookie: foo=bar; Path=/; secure; HttpOnly; SameSite=lax
Documentation
Please see the full set of documentation at https://blockadejs.readthedocs.io
