g
/
familyARK
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
11 Commits
2 Branches
9.1 MiB
 
 
 
 
 
Tree: e92c407517
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'e92c407517'
${ noResults }
familyARK/familyark/app/node_modules/hpkp
root 1c78566f5b initial 6 years ago
..
.npmignore initial 6 years ago
LICENSE initial 6 years ago
README.md initial 6 years ago
index.js initial 6 years ago
package.json initial 6 years ago

README.md

HTTP Public Key Pinning (HPKP) middleware

Build Status js-standard-style

Looking for a changelog?

Adds Public Key Pinning headers to Express/Connect applications. To learn more about HPKP, check out the spec, the article on MDN, and this tutorial.

Usage:

var express = require('express')
var hpkp = require('hpkp')

var app = express()

var ninetyDaysInSeconds = 7776000
app.use(hpkp({
  maxAge: ninetyDaysInSeconds,
  sha256s: ['AbCdEf123=', 'ZyXwVu456='],
  includeSubDomains: true,         // optional
  reportUri: 'http://example.com', // optional
  reportOnly: false,               // optional

  // Set the header based on a condition.
  // This is optional.
  setIf: function (req, res) {
    return req.secure
  }
}))

Setting reportOnly to true will change the header from Public-Key-Pins to Public-Key-Pins-Report-Only.

Don't let these get out of sync with your certs! It's also recommended to test your HPKP deployment in reportOnly mode, or alternatively, to use a very short maxAge until you're confident your deployment is correct.