Fastify plugin to set the Public-Key-Pins header
You may know hpkp as the HPKP middleware used in helmet, and you could also use it as a middleware in fastify. So why did I make this plugin?
You may find the reason in the benchmark results, and I hope you like it. :)
This plugin has passed all hpkp test cases, and its options are no different.
Via npm:
npm i fastify-hpkp
Via yarn:
yarn add fastify-hpkp
const fastify = require('fastify');
const fastifyHpkp = require('fastify-hpkp');

const app = fastify();
app.register(fastifyHpkp, {
  maxAge: 30 * 24 * 60 * 60, // 30 days in seconds
  sha256s: ['AbCdEf123=', 'ZyXwVu456='],
  // etc.
});

app.listen(3000, err => {
  if (err) throw err;
});
This plugin has the same options as the middleware in helmet. To learn more, you may check out the spec or MDN doc.
This option is required.
Set max-age in header. Should be a nonnegative number.
This option is required.
Should be an array with at least 2 SHA-256 strings (one actually used and another kept as a backup).
Set includeSubDomains value in header. Default is false.
Alias of includeSubDomains.
Set reportUri value in header. Default is empty.
Setting this option to true will change the header from Public-Key-Pins to Public-Key-Pins-Report-Only.
This plugin will always set the header. But if you wish to set it conditionally, you could use this.
app.register(fastifyHpkp, {
  setIf: (request, reply) => {
    // request is the fastify request instance
    // reply is the fastify reply instance
    // should return a truthy value for setting header
  }
});
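The sha256s option expects base64-encoded SHA-256 digests of each key's SubjectPublicKeyInfo, as defined in the spec (RFC 7469). The following is an added example, not code from this plugin: `spkiPin`, `buildHpkpValue` and `sampleKeyPair` are hypothetical helpers, the keys are constructed at run time, and the 32-byte pin check is an extra that the option descriptions above do not mention.

```javascript
const crypto = require('node:crypto');

// RFC 7469 pin: base64(SHA-256(DER SubjectPublicKeyInfo)). Accepts a PEM public
// key, or a PEM private key (Node derives the public half from it).
function spkiPin(pem) {
  const der = crypto.createPublicKey(pem).export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('base64');
}

// Hypothetical helper (not the plugin's code): checks the options described
// above and returns a header value. The 32-byte check is an extra added here.
function buildHpkpValue({ maxAge, sha256s, includeSubDomains = false, reportUri }) {
  if (typeof maxAge !== 'number' || !(maxAge >= 0)) {
    throw new Error('maxAge must be a nonnegative number');
  }
  if (!Array.isArray(sha256s) || new Set(sha256s).size < 2) {
    throw new Error('sha256s needs at least 2 distinct pins (active + backup)');
  }
  for (const pin of sha256s) {
    if (Buffer.from(pin, 'base64').length !== 32) {
      throw new Error(`not a base64 SHA-256 digest: ${pin}`);
    }
  }
  const parts = sha256s.map(pin => `pin-sha256="${pin}"`);
  parts.push(`max-age=${Math.round(maxAge)}`);
  if (includeSubDomains) parts.push('includeSubDomains');
  if (reportUri) parts.push(`report-uri="${reportUri}"`);
  return parts.join('; ');
}

// Constructed sample keys, generated at run time: one "active", one "backup".
function sampleKeyPair() {
  return crypto.generateKeyPairSync('ec', {
    namedCurve: 'prime256v1',
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' },
  });
}

const active = sampleKeyPair();
const backup = sampleKeyPair();
// The backup pin is computed from the private key that stays offline.
const sha256s = [spkiPin(active.publicKey), spkiPin(backup.privateKey)];
console.log(buildHpkpValue({ maxAge: 30 * 24 * 60 * 60, sha256s, includeSubDomains: true }));
```

The placeholder pins in the usage snippet above ('AbCdEf123=', 'ZyXwVu456=') fail the 32-byte check, which is the kind of copy-paste mistake it is meant to catch before a header goes out.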
- 0.3.0
  - Use all hpkp middleware test cases
  - Update dependencies
- 0.2.0
  - Add test case
  - Add code coverage
  - Add benchmarks
- 0.1.0
  - Init version