koa-helmet
koa-helmet copied to clipboard
venables
Important security headers for koa
Bumps [minimist](https://github.com/substack/minimist) from 1.2.5 to 1.2.6. Commits 7efb22a 1.2.6 ef88b93 security notice for additional prototype pollution issue c2b9819 isConstructorOrProto adapted from PR bc8ecee test from prototype pollution PR See full...
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot] avatar"){kind=avatar}
I'm trying to use the `useDefaults` option, but Typescript doesn't like it: ```ts app.use(helmet({ contentSecurityPolicy: { // @ts-ignore useDefaults: true, directives: { 'connect-src': 'https://*.sentry.io' } } })) ``` also the...
This works fine in practice, but it's throwing an error for me in TypeScript. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/worker-src
Helmet allows the CSP directives object to contain arbitrary key-value pairs. The current typings for koa-helmet don't reflect this, so trying to do the following results in a type error:...
Thanks for merging types directly into the lib. My dependency bot is trying to pull this update, but my `tsc` builds with yarn 2.4.1 (with pnp) fail on it for...
https://github.com/venables/koa-helmet/blob/3608f848ae3ee53a594f7d7e0304f5e52081a6a7/package.json#L30 There's a new version for helmet package `5.1.1`
The type definition does not include the `crossOriginEmbedderPolicy`, `crossOriginOpenerPolicy`, nor the `crossOriginOpenerPolicy` listed in the API documentation for `helmetjs` (https://helmetjs.github.io/). Are they going to be added to the type definition...
This PR adds support for the `Cross-Origin-*` headers, raised by issue #85
Bumps [minimist](https://github.com/minimistjs/minimist) from 1.2.5 to 1.2.8. Changelog Sourced from minimist's changelog. v1.2.8 - 2023-02-09 Merged [Fix] Fix long option followed by single dash [#17](https://github.com/minimistjs/minimist/issues/17) [Tests] Remove duplicate test [#12](https://github.com/minimistjs/minimist/issues/12) [Fix]...
Removes [cacheable-request](https://github.com/jaredwray/cacheable-request). It's no longer used after updating ancestor dependency [ava](https://github.com/avajs/ava). These dependencies need to be updated together. Removes `cacheable-request` Updates `ava` from 3.15.0 to 5.2.0 Release notes Sourced from...