rfc7469-node
Express middleware for HTTPS public key pinning (RFC 7469)
Example
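    var express = require('express');
    var rfc7469 = require('rfc7469-node');

    var app = express();

    // Send the pinning header on every response handled by this app.
    app.use(rfc7469({
      includeSubdomains: true,
      maxAge: Date.now() + 604800000, // how long the browser caches the header
      reportURI: "http://mydomain.com/report",
      pins: [
        "E9CZ9INDbd+2eRQozYqqbQ2yXLVKB9+xcprMF+44U1g=",
        "LPJNul+wow4m6DsqxbninhsWHlwfp0JecwQzYpOLmCQ="
      ]
    }));

    // ... etc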
Usage
rfc7469(options)
Returns a function which can be used as middleware for express.
Options
Name | Type | Required | Example | Default | Description |
---|---|---|---|---|---|
maxAge | number | ✓ | 123456 | N/A | Maximum time the browser will cache this header. |
pins | array of strings | | [ "one", "two" ] | | SHA256 fingerprint of certificate subject |
includeSubdomains | boolean | | true | N/A | Should the browser use this header for subdomains too. |
reportURI | string | | "http://mywebsite.com/report" | N/A | URL the browser will send reports to. |
reportOnly()
Makes the middleware only set the Public-Key-Pins-Report-Only
header instead of enforcing it.
Considerations
It is up to the user to ensure that this middleware is only applied to connections that are served over HTTPS.
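For the pins and maxAge options above, an added example (not code from rfc7469-node or its README) that derives an RFC 7469 pin from a public key with Node's crypto module and validates a policy before serializing it into a Public-Key-Pins header value. The function names, the 60-day cap, the placeholder report URL and the generated sample keys are assumptions of this example.

```javascript
const crypto = require('node:crypto');

// RFC 7469 pin: Base64 of the SHA-256 digest of the DER-encoded SubjectPublicKeyInfo.
function spkiPin(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return crypto.createHash('sha256').update(der).digest('base64');
}

// Sanity cap chosen for this example (assumption): 60 days, in seconds.
const MAX_AGE_LIMIT = 60 * 24 * 60 * 60;

// Serialize a policy into a Public-Key-Pins header value, rejecting bad input.
function buildPkpHeader({ pins, maxAgeSeconds, includeSubDomains, reportUri }) {
  // max-age is a lifetime in seconds; a timestamp or milliseconds fails the cap.
  if (!Number.isInteger(maxAgeSeconds) || maxAgeSeconds < 0 || maxAgeSeconds > MAX_AGE_LIMIT) {
    throw new RangeError('max-age must be whole seconds between 0 and ' + MAX_AGE_LIMIT);
  }
  const unique = [...new Set(pins)];
  // A second pin for a key kept offline is the recovery path if the live key is lost.
  if (unique.length < 2) throw new Error('need at least two distinct pins (live + backup)');
  for (const pin of unique) {
    const raw = Buffer.from(pin, 'base64');
    if (raw.length !== 32 || raw.toString('base64') !== pin) {
      throw new Error('not a Base64-encoded SHA-256 digest: ' + pin);
    }
  }
  const parts = unique.map((pin) => `pin-sha256="${pin}"`);
  parts.push(`max-age=${maxAgeSeconds}`);
  if (includeSubDomains) parts.push('includeSubDomains');
  if (reportUri) parts.push(`report-uri="${reportUri}"`);
  return parts.join('; ');
}

// Constructed sample keys: one stands in for the served key, one for the backup.
function demoHeader() {
  const newKey = () => crypto.generateKeyPairSync('ec', { namedCurve: 'prime256v1' }).publicKey;
  return buildPkpHeader({
    pins: [spkiPin(newKey()), spkiPin(newKey())],
    maxAgeSeconds: 7 * 24 * 60 * 60, // one week
    includeSubDomains: true,
    reportUri: 'https://example.com/report', // placeholder URL
  });
}

console.log(demoHeader());
```

Running the validation before deploying a policy catches a single-pin configuration and a max-age given as a timestamp or in milliseconds, both of which are hard to undo once browsers have cached the header.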