Helmet
Helmet helps you secure your Crystal web apps by setting various HTTP headers. It's not a silver bullet, but it can help!
This is a port of the Node.js version of Helmet.
Installation
Add this to your application's shard.yml:
dependencies:
  helmet:
    github: EvanHahn/crystal-helmet
Usage
require "http/server"
require "helmet"
server = HTTP::Server.new("0.0.0.0", 8080,
  [
    Helmet::DNSPrefetchControllerHandler.new,
    Helmet::FrameGuardHandler.new,
    Helmet::InternetExplorerNoOpenHandler.new,
    Helmet::NoSniffHandler.new,
    Helmet::StrictTransportSecurityHandler.new(7.day),
    Helmet::XSSFilterHandler.new,
  ]) do |context|
  context.response.content_type = "text/plain"
  context.response.print "Hello world!"
end
server.listen
Helmet is really just a collection of smaller handlers that set HTTP headers. See them listed in the example above and in the documentation.
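To confirm that the handlers wired up above actually reach the client, the following check audits a captured response head. It is an added example, not code from crystal-helmet. It assumes each handler sets the same header as its Node.js Helmet counterpart and that the `7.day` argument becomes the HSTS `max-age`; the function names and both sample responses are constructed for illustration.

```python
import re

# Assumption: each handler emits the header its Node.js Helmet counterpart sets.
EXPECTED = {
    "x-dns-prefetch-control": "DNSPrefetchControllerHandler",
    "x-frame-options": "FrameGuardHandler",
    "x-download-options": "InternetExplorerNoOpenHandler",
    "x-content-type-options": "NoSniffHandler",
    "strict-transport-security": "StrictTransportSecurityHandler",
    "x-xss-protection": "XSSFilterHandler",
}

def parse_headers(raw):
    """Parse a raw HTTP response head into {lowercased name: value}."""
    headers = {}
    for line in raw.splitlines()[1:]:      # skip the status line
        if not line:
            break                          # blank line ends the header block
        name, sep, value = line.partition(":")
        if sep:
            headers[name.strip().lower()] = value.strip()
    return headers

def audit(raw, min_hsts_seconds=7 * 24 * 3600):
    """Return findings for a response head; an empty list means every check passed."""
    headers = parse_headers(raw)
    findings = [f"missing {n} ({h})" for n, h in EXPECTED.items() if n not in headers]
    hsts = headers.get("strict-transport-security")
    if hsts is not None:
        m = re.search(r"max-age\s*=\s*(\d+)", hsts, re.I)
        if m is None:
            findings.append("strict-transport-security has no max-age")
        elif int(m.group(1)) < min_hsts_seconds:   # assumed to mirror 7.day in the usage
            findings.append(f"strict-transport-security max-age {m.group(1)} is below {min_hsts_seconds}")
    if headers.get("x-content-type-options", "nosniff").lower() != "nosniff":
        findings.append("x-content-type-options is not nosniff")
    return findings

# Constructed sample responses (not captured from a real server).
COMMON = ["HTTP/1.1 200 OK", "Content-Type: text/plain", "X-DNS-Prefetch-Control: off",
          "X-Download-Options: noopen", "X-Content-Type-Options: nosniff",
          "X-XSS-Protection: 1; mode=block"]
TAIL = ["", "Hello world!"]
GOOD = "\r\n".join(COMMON + ["X-Frame-Options: SAMEORIGIN",
                             "Strict-Transport-Security: max-age=604800"] + TAIL)
BAD = "\r\n".join(COMMON + ["Strict-Transport-Security: max-age=60"] + TAIL)

if __name__ == "__main__":
    for label, raw in (("good", GOOD), ("bad", BAD)):
        print(label, audit(raw) or "ok")
```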
Contributing
- Fork it (https://github.com/EvanHahn/crystal-helmet/fork)
- Create your branch (git checkout -b my-new-feature)
- Commit your changes (git commit -am 'Add XYZ')
- Push to the branch (git push origin my-new-feature)
- Create a new pull request
Contributors
- Evan Hahn - creator, maintainer
- Du Ba Thach - #3