diff --git a/HISTORY.md b/HISTORY.md
index 471bbf74..6f16444e 100644
--- a/HISTORY.md
+++ b/HISTORY.md
@@ -1,3 +1,8 @@
+3.6.0 / 2017-05-04
+==================
+
+- new: `expectCt` middleware for setting the `Expect-CT` header
+
 3.5.0 / 2017-03-06
 ==================
diff --git a/README.md b/README.md
index 5a126110..5ccd9f10 100644
--- a/README.md
+++ b/README.md
@@ -58,11 +58,12 @@ app.use(helmet({
 How it works
 ------------
-Helmet is a collection of 11 smaller middleware functions that set HTTP headers. Running `app.use(helmet())` will not include all of these middleware functions by default.
+Helmet is a collection of 12 smaller middleware functions that set HTTP headers. Running `app.use(helmet())` will not include all of these middleware functions by default.
 | Module | Default? |
 |---|---|
 | [contentSecurityPolicy](https://helmetjs.github.io/docs/csp/) for setting Content Security Policy | |
+| [expectCt](https://helmetjs.github.io/docs/expect-ct/) for handling Certificate Transparency | |
 | [dnsPrefetchControl](https://helmetjs.github.io/docs/dns-prefetch-control) controls browser DNS prefetching | ✓ |
 | [frameguard](https://helmetjs.github.io/docs/frameguard/) to prevent clickjacking | ✓ |
 | [hidePoweredBy](https://helmetjs.github.io/docs/hide-powered-by) to remove the X-Powered-By header | ✓ |
diff --git a/index.js b/index.js
index 9ff01ebc..0d3521f3 100644
--- a/index.js
+++ b/index.js
@@ -31,6 +31,7 @@ function helmet (options) {
 helmet.contentSecurityPolicy = require('helmet-csp')
 helmet.dnsPrefetchControl = require('dns-prefetch-control')
+helmet.expectCt = require('expect-ct')
 helmet.frameguard = require('frameguard')
 helmet.hidePoweredBy = require('hide-powered-by')
 helmet.hpkp = require('hpkp')
diff --git a/package.json b/package.json
index 3b2d97c1..454135a2 100644
--- a/package.json
+++ b/package.json
@@ -30,6 +30,7 @@
 "connect": "3.6.0",
 "dns-prefetch-control": "0.1.0",
 "dont-sniff-mimetype": "1.0.0",
+ "expect-ct": "0.1.0",
 "frameguard": "3.0.0",
 "helmet-csp": "2.4.0",
 "hide-powered-by": "1.0.0",
diff --git a/test/index.js b/test/index.js
index 2dbce6b6..22b6e81d 100644
--- a/test/index.js
+++ b/test/index.js
@@ -23,6 +23,11 @@ describe('helmet', function () {
 assert.equal(helmet.noSniff, pkg)
 })
+ it('aliases "expect-ct"', function () {
+ var pkg = require('expect-ct')
+ assert.equal(helmet.expectCt, pkg)
+ })
+
 it('aliases "frameguard"', function () {
 var pkg = require('frameguard')
 assert.equal(helmet.frameguard, pkg)
@@ -98,6 +103,7 @@ describe('helmet', function () {
 sinon.assert.calledWith(helmet.xssFilter, {})
 sinon.assert.notCalled(helmet.contentSecurityPolicy)
+ sinon.assert.notCalled(helmet.expectCt)
 sinon.assert.notCalled(helmet.hpkp)
 sinon.assert.notCalled(helmet.noCache)
 })
@@ -120,6 +126,7 @@ describe('helmet', function () {
 sinon.assert.calledWith(helmet.noSniff, {})
 sinon.assert.calledWith(helmet.xssFilter, {})
 sinon.assert.notCalled(helmet.contentSecurityPolicy)
+ sinon.assert.notCalled(helmet.expectCt)
 sinon.assert.notCalled(helmet.hpkp)
 sinon.assert.notCalled(helmet.noCache)
 })
@@ -145,6 +152,7 @@ describe('helmet', function () {
 sinon.assert.calledWith(helmet.noSniff, {})
 sinon.assert.calledWith(helmet.xssFilter, {})
 sinon.assert.notCalled(helmet.contentSecurityPolicy)
+ sinon.assert.notCalled(helmet.expectCt)
 sinon.assert.notCalled(helmet.hpkp)
 })
@@ -169,6 +177,7 @@ describe('helmet', function () {
 sinon.assert.calledWith(helmet.noSniff, {})
 sinon.assert.calledWith(helmet.xssFilter, {})
 sinon.assert.notCalled(helmet.contentSecurityPolicy)
+ sinon.assert.notCalled(helmet.expectCt)
 sinon.assert.notCalled(helmet.hpkp)
 sinon.assert.notCalled(helmet.noCache)
 })
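Review bot: The test changes in test/index.js cover `expectCt` only in the negative direction: the alias check in the hunk at `@@ -23,6 +23,11` and `sinon.assert.notCalled(helmet.expectCt)` in the hunks at -98, -120, -145, -169 and -199, so nothing added here shows that `helmet({ expectCt: ... })` invokes the middleware and forwards its options. Since an `Expect-CT` policy affects how browsers treat the site's certificates, the opt-in path deserves its own case, for example calling `helmet({ expectCt: { maxAge: 123 } })` and then asserting `sinon.assert.calledWith(helmet.expectCt, { maxAge: 123 })` (sample value). The -199 hunk shows no `notCalled(helmet.contentSecurityPolicy)` line in its context, which suggests an enable-by-option test already exists for another middleware and could be mirrored; the `describe` block starts and ends outside these hunks, so that is inferred rather than visible.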
@@ -199,6 +208,7 @@ describe('helmet', function () {
 sinon.assert.calledWith(helmet.ieNoOpen, {})
 sinon.assert.calledWith(helmet.noSniff, {})
 sinon.assert.calledWith(helmet.xssFilter, {})
+ sinon.assert.notCalled(helmet.expectCt)
 sinon.assert.notCalled(helmet.hpkp)
 sinon.assert.notCalled(helmet.noCache)
 })