Interface SecurityHeadersConfig

/**
 * Optional settings describing HTTP security response headers.
 *
 * Every field is optional. This declaration does not show what is emitted when
 * a field is omitted, so confirm the defaults against the implementation
 * rather than assuming a header is (or is not) sent.
 *
 * NOTE(review): the mapping from each field to a concrete header is inferred
 * from the field names; verify it against the code that consumes this config.
 */
interface SecurityHeadersConfig {
    /**
     * Presumably the `Cross-Origin-Embedder-Policy` value. `require-corp` makes
     * every cross-origin subresource opt in through CORS or CORP, while
     * `credentialless` loads no-CORS cross-origin subresources without
     * credentials. The browser default `unsafe-none` is not selectable here.
     */
    crossOriginEmbedderPolicy?: "require-corp" | "credentialless";
    /**
     * Presumably the `Cross-Origin-Opener-Policy` value. `unsafe-none` is the
     * browser default and gives no isolation from cross-origin openers;
     * `same-origin` is the isolating choice.
     */
    crossOriginOpenerPolicy?: "same-origin" | "same-origin-allow-popups" | "unsafe-none";
    /**
     * Presumably the `Cross-Origin-Resource-Policy` value. `cross-origin` lets
     * any site load the response as a no-CORS subresource, so it suits only
     * resources that are meant to be public.
     */
    crossOriginResourcePolicy?: "same-origin" | "same-site" | "cross-origin";
    /**
     * Content Security Policy source lists, one array per directive.
     *
     * This shape has no field for `frame-ancestors`, `base-uri` or
     * `form-action`. Those directives do not fall back to `default-src`, so a
     * policy built only from these fields leaves framing, `<base>` and form
     * targets unrestricted unless the implementation adds them itself
     * (TODO confirm).
     *
     * NOTE(review): not visible here whether keywords such as `'self'` must be
     * passed already quoted, or whether entries are validated before being
     * joined into the header. Treat these lists as static configuration and do
     * not build them from request data.
     */
    csp?: {
        /** Presumably `connect-src`: endpoints reachable via fetch, XHR, WebSocket and similar APIs. */
        connectSrc?: string[];
        /** Presumably `default-src`: the fallback for fetch directives that are not set explicitly. */
        defaultSrc?: string[];
        /** Presumably `font-src`. */
        fontSrc?: string[];
        /** Presumably `frame-src`: what this page may embed. It does not control who may embed this page. */
        frameSrc?: string[];
        /** Presumably `img-src`. */
        imgSrc?: string[];
        /** Presumably `media-src`. */
        mediaSrc?: string[];
        /** Presumably `object-src`; `'none'` is the usual hardening value for plugin content. */
        objectSrc?: string[];
        /**
         * Presumably switches the header to `Content-Security-Policy-Report-Only`,
         * which reports violations but blocks nothing (confirm). Useful for
         * rollout; it provides no protection while enabled.
         */
        reportOnly?: boolean;
        /**
         * Presumably the `report-uri` endpoint. `report-uri` is deprecated in the
         * CSP specification in favor of `report-to`, for which this type has no
         * field. Violation reports include the URL of the affected document.
         */
        reportUri?: string;
        /**
         * Presumably `script-src`. Listing `'unsafe-inline'` or `'unsafe-eval'`
         * here removes most of the XSS mitigation CSP provides.
         */
        scriptSrc?: string[];
        /** Presumably `style-src`. */
        styleSrc?: string[];
    };
    /**
     * Presumably the `Strict-Transport-Security` parameters. Browsers honor
     * that header only when it arrives over HTTPS.
     */
    hsts?: {
        /**
         * Extends the policy to every subdomain. A subdomain that cannot serve
         * HTTPS becomes unreachable for browsers that have cached the policy.
         */
        includeSubDomains?: boolean;
        /** NOTE(review): the header's `max-age` is in seconds; presumably this value is passed through unchanged (confirm the unit). */
        maxAge?: number;
        /**
         * The browser preload list requires a `max-age` of at least one year
         * together with `includeSubDomains`, and removal from the list is slow,
         * so enable this deliberately.
         */
        preload?: boolean;
    };
    /**
     * Presumably feature name to allowlist for the `Permissions-Policy` header.
     * Keys are plain `string`, so a misspelled feature name is not caught by
     * the compiler.
     *
     * NOTE(review): confirm how an empty list is serialized (expected to
     * disable the feature) and how `self` and origins must be written.
     */
    permissionsPolicy?: Record<string, string[]>;
    /**
     * Presumably the `Referrer-Policy` value. `unsafe-url` sends the full URL,
     * path and query string included, with every request, even from HTTPS to
     * HTTP. `no-referrer-when-downgrade` sends the full URL to any destination
     * that is not a downgrade. Both can leak tokens carried in URLs.
     * `strict-origin-when-cross-origin` is the current browser default.
     */
    referrerPolicy?: "origin" | "no-referrer" | "no-referrer-when-downgrade" | "origin-when-cross-origin" | "same-origin" | "strict-origin" | "strict-origin-when-cross-origin" | "unsafe-url";
    /**
     * Presumably `true` emits `X-Content-Type-Options: nosniff`, the only value
     * defined for that header. Confirm what `false` and omission do.
     */
    xContentTypeOptions?: boolean;
    /**
     * Presumably the `X-Frame-Options` value. `ALLOW-FROM` is obsolete and
     * ignored by current browsers, and this type has no place for the origin
     * it requires, so choosing it likely yields no framing protection. CSP
     * `frame-ancestors` is the replacement, but `csp` has no field for it.
     */
    xFrameOptions?: "DENY" | "SAMEORIGIN" | "ALLOW-FROM";
}

Properties

crossOriginEmbedderPolicy?: "require-corp" | "credentialless"
crossOriginOpenerPolicy?: "same-origin" | "same-origin-allow-popups" | "unsafe-none"
crossOriginResourcePolicy?: "same-origin" | "same-site" | "cross-origin"
csp?: {
    connectSrc?: string[];
    defaultSrc?: string[];
    fontSrc?: string[];
    frameSrc?: string[];
    imgSrc?: string[];
    mediaSrc?: string[];
    objectSrc?: string[];
    reportOnly?: boolean;
    reportUri?: string;
    scriptSrc?: string[];
    styleSrc?: string[];
}

Type declaration

  • Optional connectSrc?: string[]
  • Optional defaultSrc?: string[]
  • Optional fontSrc?: string[]
  • Optional frameSrc?: string[]
  • Optional imgSrc?: string[]
  • Optional mediaSrc?: string[]
  • Optional objectSrc?: string[]
  • Optional reportOnly?: boolean
  • Optional reportUri?: string
  • Optional scriptSrc?: string[]
  • Optional styleSrc?: string[]
hsts?: {
    includeSubDomains?: boolean;
    maxAge?: number;
    preload?: boolean;
}

Type declaration

  • Optional includeSubDomains?: boolean
  • Optional maxAge?: number
  • Optional preload?: boolean
permissionsPolicy?: Record<string, string[]>
referrerPolicy?: "origin" | "no-referrer" | "no-referrer-when-downgrade" | "origin-when-cross-origin" | "same-origin" | "strict-origin" | "strict-origin-when-cross-origin" | "unsafe-url"
xContentTypeOptions?: boolean
xFrameOptions?: "DENY" | "SAMEORIGIN" | "ALLOW-FROM"