Helmet
Helmet helps you secure your Crystal web apps by setting various HTTP headers. It's not a silver bullet, but it can help!
This is a port of the Node.js version of Helmet.
Installation
Add this to your application's shard.yml
:
dependencies:
helmet:
github: EvanHahn/crystal-helmet
Usage
require "http/server"
require "helmet"
server = HTTP::Server.new("0.0.0.0", 8080,
[
Helmet::DNSPrefetchControllerHandler.new,
Helmet::FrameGuardHandler.new,
Helmet::InternetExplorerNoOpenHandler.new,
Helmet::NoSniffHandler.new,
Helmet::StrictTransportSecurityHandler.new(7.day),
Helmet::XSSFilterHandler.new,
]) do |context|
context.response.content_type = "text/plain"
context.response.print "Hello world!"
end
server.listen
Helmet is really just a collection of smaller handlers that set HTTP headers. See them listed in the example above and in the documentation.
Contributing
- Fork it (https://github.com/EvanHahn/crystal-helmet/fork)
- Create your branch (
git checkout -b my-new-feature
) - Commit your changes (
git commit -am 'Add XYZ'
) - Push to the branch (
git push origin my-new-feature
) - Create a new pull request
Contributors
- Evan Hahn - creator, maintainer
- Du Ba Thach - #3