Add Expect-CT into Helmet 3.6.0

HISTORY.md

@@ -1,3 +1,8 @@
+3.6.0 / 2017-05-04
+==================
+
+- new: `expectCt` middleware for setting the `Expect-CT` header
+
 3.5.0 / 2017-03-06
 ==================
 

README.md

@@ -58,11 +58,12 @@ app.use(helmet({
 How it works
 ------------
 
-Helmet is a collection of 11 smaller middleware functions that set HTTP headers. Running `app.use(helmet())` will not include all of these middleware functions by default.
+Helmet is a collection of 12 smaller middleware functions that set HTTP headers. Running `app.use(helmet())` will not include all of these middleware functions by default.
 
 | Module | Default? |
 |---|---|
 | [contentSecurityPolicy](https://helmetjs.github.io/docs/csp/) for setting Content Security Policy |  |
+| [expectCt](https://helmetjs.github.io/docs/expect-ct/) for handling Certificate Transparency |  |
 | [dnsPrefetchControl](https://helmetjs.github.io/docs/dns-prefetch-control) controls browser DNS prefetching | ✓ |
 | [frameguard](https://helmetjs.github.io/docs/frameguard/) to prevent clickjacking | ✓ |
 | [hidePoweredBy](https://helmetjs.github.io/docs/hide-powered-by) to remove the X-Powered-By header | ✓ |

index.js

@@ -31,6 +31,7 @@ function helmet (options) {
 
 helmet.contentSecurityPolicy = require('helmet-csp')
 helmet.dnsPrefetchControl = require('dns-prefetch-control')
+helmet.expectCt = require('expect-ct')
 helmet.frameguard = require('frameguard')
 helmet.hidePoweredBy = require('hide-powered-by')
 helmet.hpkp = require('hpkp')

package.json

@@ -30,6 +30,7 @@
     "connect": "3.6.0",
     "dns-prefetch-control": "0.1.0",
     "dont-sniff-mimetype": "1.0.0",
+    "expect-ct": "0.1.0",
     "frameguard": "3.0.0",
     "helmet-csp": "2.4.0",
     "hide-powered-by": "1.0.0",

test/index.js

@@ -23,6 +23,11 @@ describe('helmet', function () {
       assert.equal(helmet.noSniff, pkg)
     })
 
+    it('aliases "expect-ct"', function () {
+      var pkg = require('expect-ct')
+      assert.equal(helmet.expectCt, pkg)
+    })
+
     it('aliases "frameguard"', function () {
       var pkg = require('frameguard')
       assert.equal(helmet.frameguard, pkg)
@@ -98,6 +103,7 @@ describe('helmet', function () {
       sinon.assert.calledWith(helmet.xssFilter, {})
 
       sinon.assert.notCalled(helmet.contentSecurityPolicy)
+      sinon.assert.notCalled(helmet.expectCt)
       sinon.assert.notCalled(helmet.hpkp)
       sinon.assert.notCalled(helmet.noCache)
     })
@@ -120,6 +126,7 @@ describe('helmet', function () {
       sinon.assert.calledWith(helmet.noSniff, {})
       sinon.assert.calledWith(helmet.xssFilter, {})
       sinon.assert.notCalled(helmet.contentSecurityPolicy)
+      sinon.assert.notCalled(helmet.expectCt)
       sinon.assert.notCalled(helmet.hpkp)
       sinon.assert.notCalled(helmet.noCache)
     })
@@ -145,6 +152,7 @@ describe('helmet', function () {
       sinon.assert.calledWith(helmet.noSniff, {})
       sinon.assert.calledWith(helmet.xssFilter, {})
       sinon.assert.notCalled(helmet.contentSecurityPolicy)
+      sinon.assert.notCalled(helmet.expectCt)
       sinon.assert.notCalled(helmet.hpkp)
     })
 
@@ -169,6 +177,7 @@ describe('helmet', function () {
       sinon.assert.calledWith(helmet.noSniff, {})
       sinon.assert.calledWith(helmet.xssFilter, {})
       sinon.assert.notCalled(helmet.contentSecurityPolicy)
+      sinon.assert.notCalled(helmet.expectCt)
       sinon.assert.notCalled(helmet.hpkp)
       sinon.assert.notCalled(helmet.noCache)
     })
@@ -199,6 +208,7 @@ describe('helmet', function () {
       sinon.assert.calledWith(helmet.ieNoOpen, {})
       sinon.assert.calledWith(helmet.noSniff, {})
       sinon.assert.calledWith(helmet.xssFilter, {})
+      sinon.assert.notCalled(helmet.expectCt)
       sinon.assert.notCalled(helmet.hpkp)
       sinon.assert.notCalled(helmet.noCache)
     })