headers.md
September 7, 2017 ยท View on GitHub
Headers
Koala adds some options and properties to make setting headers easier.
options.security
Some security headers are available hashed as options.security passed to koala(options).
hsts<number>- max age in milliseconds.maxAge: <number>- maxage in milliseconds.includeSubDomains: false- include sub domains
xframe- default: truetrue-X-Frame-Options: DENY'same'-X-Frame-Options: SAMEORIGIN
c3p- to be implementedp3p- to be implementedxssProtection: true- by default,X-XSS-Protection: 1; mode=blocknosniff: trueforX-Content-Type-Options: nosniff
const app = koala({
security: {
xframe: true
}
})
Cache Control
A utility to make setting the Cache-Control header a little bit easier.
Available as:
this.cacheControl()this.cc()this.response.cacheControl()this.response.cc()
this.cc(ms)
Set the max-age in milliseconds or as a human readable time.
Assumes the response is public.
this.cc(1000) // => Cache-Control: public, max-age=1
this.cc('1 hour') // => Cache-Control: public, max-age=3600
this.cc(false)
Set the Cache-Control to private, no-cache.
this.cc(string)
If a string is passed and can not be converted into seconds, it is simply set as the cache control.