fastify-hsts

Fastify plugin for HTTP Strict Transport Security

Why?

You may know hsts as the HSTS middleware used in helmet, and you could use it as a middleware in Fastify as well. So why did I make this plugin?

You can find the reason in the benchmark results. I hope you like it. :)

Difference

This plugin passes all hsts test cases, but there are some differences from hsts:

  • It uses the default value if the maxAge option is missing or invalid.
  • It ignores setIf if it is not a function.

Install

Via npm:

npm i fastify-hsts

Via yarn:

yarn add fastify-hsts

Usage

const fastify = require('fastify');
const fastifyHsts = require('fastify-hsts');

const app = fastify();
app.register(fastifyHsts, {
  // Your options
});

app.listen(3000, err => {
  if (err) throw err;
});

Options

This plugin has the same options as the middleware in helmet.

maxAge {number}

Sets max-age in the header. The default is 15552000, which is 180 days in seconds. The plugin uses the default value if you pass in a non-numeric value.

includeSubDomains {boolean}

Sets the includeSubDomains directive in the header. The default is true. You can find more information about this value here.

includeSubdomains {boolean}

Alias to includeSubDomains.

preload {boolean}

Sets the preload directive in the header. The default is false. You can find more information about this value here.

setIf {function}

By default this plugin always sets the header, since the header is ignored over insecure HTTP. If you want to set it conditionally, use this option.

app.register(fastifyHsts, {
  setIf: (request, reply) => {
    // request is the fastify request instance
    // reply is the fastify reply instance
    // should return a truthy value to set the header
  }
});
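
The option semantics described above, as an added sketch that is not the plugin's own source: it builds the header value from the documented options, applies the setIf rule, and checks the result against the hstspreload.org submission requirements. The names buildHstsValue, shouldSet and preloadEligible are hypothetical, and the setIf sample assumes a trusted reverse proxy that sets x-forwarded-proto.

```javascript
// Added example: mirrors the options documented in this README, not the plugin's code.
const DEFAULT_MAX_AGE = 15552000; // 180 days in seconds, the documented default

function buildHstsValue(opts = {}) {
  // A non-numeric maxAge falls back to the default.
  // Rejecting negatives and rounding fractions are assumptions of this sketch.
  const valid = typeof opts.maxAge === 'number' &&
    Number.isFinite(opts.maxAge) && opts.maxAge >= 0;
  const maxAge = valid ? Math.round(opts.maxAge) : DEFAULT_MAX_AGE;
  // includeSubdomains is the documented alias; the default is true.
  const sub = opts.includeSubDomains ?? opts.includeSubdomains ?? true;
  const parts = [`max-age=${maxAge}`];
  if (sub) parts.push('includeSubDomains');
  if (opts.preload) parts.push('preload');
  return parts.join('; ');
}

function shouldSet(opts, request, reply) {
  // A setIf that is not a function is ignored, so the header is always set.
  if (typeof opts.setIf !== 'function') return true;
  return Boolean(opts.setIf(request, reply));
}

// hstspreload.org accepts a site only with max-age >= 1 year,
// includeSubDomains and preload all present in the header.
function preloadEligible(value) {
  const directives = value.split(';').map(d => d.trim().toLowerCase());
  const age = directives.find(d => d.startsWith('max-age='));
  return Number(age?.split('=')[1]) >= 31536000 &&
    directives.includes('includesubdomains') &&
    directives.includes('preload');
}

// Constructed request objects for the setIf check.
// Only trust x-forwarded-proto when a proxy you control sets it.
const behindTlsProxy = { headers: { 'x-forwarded-proto': 'https' } };
const plainHttp = { headers: {} };
const onlyOverTls = req => req.headers['x-forwarded-proto'] === 'https';

console.log(buildHstsValue({ preload: true }));
console.log(preloadEligible(buildHstsValue({ preload: true })));
console.log(shouldSet({ setIf: onlyOverTls }, plainHttp));
```

With preload enabled and the default maxAge, the header carries the preload directive but does not meet the one-year minimum, so raise maxAge to at least 31536000 before submitting a domain.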

Changelog

  • 0.3.0
    • Use hsts test cases
  • 0.2.0
    • Add test case
    • Add code coverage
    • Add benchmarks
  • 0.1.0
    • Init version