WayrApp Backend & Ecosystem Documentation - v1.0.0

    Variable helmetOptions (Const)

    // Options object handed to helmet(); the keys select and configure the response headers it emits.
    helmetOptions: {
        contentSecurityPolicy: {
            // Each key is the camelCase form of a CSP directive (defaultSrc -> default-src).
            directives: {
                defaultSrc: string[]; // fallback for fetch directives not listed explicitly
                styleSrc: string[]; // stylesheet sources
                scriptSrc: string[]; // script sources; the most XSS-sensitive list here
                imgSrc: string[]; // image sources
                connectSrc: string[]; // fetch / XHR / WebSocket / EventSource targets
                fontSrc: string[]; // font sources
                objectSrc: string[]; // <object> / <embed> sources
                mediaSrc: string[]; // <audio> / <video> sources
                frameSrc: string[]; // what this page may load in frames (not who may frame this page)
            };
        };
        // Toggles the Cross-Origin-Embedder-Policy header; the value used is not shown on this page.
        crossOriginEmbedderPolicy: boolean;
        // Strict-Transport-Security settings; maxAge is expressed in seconds.
        hsts: { maxAge: number; includeSubDomains: boolean; preload: boolean };
    } = ...

    Configuration object for Helmet security middleware

    Type declaration

    • contentSecurityPolicy: {
          directives: {
              defaultSrc: string[];
              styleSrc: string[];
              scriptSrc: string[];
              imgSrc: string[];
              connectSrc: string[];
              fontSrc: string[];
              objectSrc: string[];
              mediaSrc: string[];
              frameSrc: string[];
          };
      }
    • crossOriginEmbedderPolicy: boolean
    • hsts: { maxAge: number; includeSubDomains: boolean; preload: boolean }
    // Usage with Helmet middleware in main application
    import helmet from 'helmet';
    import { helmetOptions } from '@/shared/middleware/security';

    // Assuming an Express-style app: middleware only applies to handlers registered
    // after it, so this call belongs ahead of the route definitions.
    app.use(helmet(helmetOptions));
    // Headers set by this configuration:
    // Content-Security-Policy: default-src 'self'; style-src 'self' 'unsafe-inline' https://unpkg.com/swagger-ui-dist@5.9.0/; script-src 'self' 'unsafe-inline' https://unpkg.com/swagger-ui-dist@5.9.0/; ...
    // NOTE(review): 'unsafe-inline' in script-src permits inline <script> blocks and
    // event-handler attributes, which removes most of what CSP offers against injected
    // script. It looks like it is here for Swagger UI; if so, consider serving the
    // relaxed policy only on the docs route and keeping script-src strict (nonces or
    // hashes) everywhere else.
    // Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    // NOTE(review): includeSubDomains + preload commits every subdomain to HTTPS for a
    // year and is slow to undo once a browser preload list has picked the domain up;
    // confirm all subdomains serve valid TLS before shipping this.
    // X-Content-Type-Options: nosniff
    // X-Frame-Options: DENY
    // X-XSS-Protection: 1; mode=block
    // NOTE(review): the helmetOptions type documented on this page has no frameguard or
    // xssFilter key, so the last two values are not produced by these options. Helmet 4
    // and later default to X-Frame-Options: SAMEORIGIN and X-XSS-Protection: 0; verify
    // against real response headers whether another middleware sets DENY / 1; mode=block
    // or whether this list is out of date.