headers.md

September 7, 2017 ยท View on GitHub

Headers

Koala adds some options and properties to make setting headers easier.

options.security

Some security headers are available hashed as options.security passed to koala(options).

  • hsts
    • <number> - max age in milliseconds
    • .maxAge: <number> - maxage in milliseconds
    • .includeSubDomains: false - include sub domains
  • xframe - default: true
    • true - X-Frame-Options: DENY
    • 'same' - X-Frame-Options: SAMEORIGIN
  • c3p - to be implemented
  • p3p - to be implemented
  • xssProtection: true - by default, X-XSS-Protection: 1; mode=block
  • nosniff: true for X-Content-Type-Options: nosniff
const app = koala({
  security: {
    xframe: true
  }
})

Cache Control

A utility to make setting the Cache-Control header a little bit easier. Available as:

  • this.cacheControl()
  • this.cc()
  • this.response.cacheControl()
  • this.response.cc()

this.cc(ms)

Set the max-age in milliseconds or as a human readable time. Assumes the response is public.

this.cc(1000) // => Cache-Control: public, max-age=1
this.cc('1 hour') // => Cache-Control: public, max-age=3600

this.cc(false)

Set the Cache-Control to private, no-cache.

this.cc(string)

If a string is passed and can not be converted into seconds, it is simply set as the cache control.