Helmet helps you secure your Crystal web apps by setting various HTTP headers. It's not a silver bullet, but it can help!
This is a port of the Node.js version of Helmet.
Add this to your application's shard.yml:

```yaml
dependencies:
  helmet:
    github: EvanHahn/crystal-helmet
```
```crystal
require "http/server"
require "helmet"

# Handlers run in order for every request; the block is the final handler.
server = HTTP::Server.new("0.0.0.0", 8080, [
  Helmet::DNSPrefetchControllerHandler.new,
  Helmet::FrameGuardHandler.new,
  Helmet::InternetExplorerNoOpenHandler.new,
  Helmet::NoSniffHandler.new,
  Helmet::StrictTransportSecurityHandler.new(7.day), # lifetime given as a Time::Span
  Helmet::XSSFilterHandler.new,
]) do |context|
  context.response.content_type = "text/plain"
  context.response.print "Hello world!"
end

server.listen
```
Helmet is really just a collection of smaller handlers that set HTTP headers. See them listed in the example above and in the documentation.
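A check that a spec or smoke test could run against responses from the server above, to confirm that every handler in the chain is still wired in. This is an added example, not crystal-helmet code: `audit_headers` and `EXPECTED` are hypothetical names, and the header names and values assume the port emits the same defaults as Node.js Helmet.

```crystal
require "http"

# Assumed values: the defaults Node.js Helmet used for the same middleware.
# Confirm them against the crystal-helmet documentation before relying on them.
EXPECTED = {
  "X-DNS-Prefetch-Control" => "off",
  "X-Frame-Options"        => "SAMEORIGIN",
  "X-Download-Options"     => "noopen",
  "X-Content-Type-Options" => "nosniff",
  "X-XSS-Protection"       => "1; mode=block",
}

# Hypothetical helper: returns one finding per missing or unexpected header.
def audit_headers(headers : HTTP::Headers, min_hsts : Time::Span = 7.days) : Array(String)
  findings = [] of String
  EXPECTED.each do |name, want|
    got = headers[name]?
    if got.nil?
      findings << "#{name}: missing"
    elsif got.downcase != want.downcase
      findings << "#{name}: got #{got.inspect}, expected #{want.inspect}"
    end
  end

  # HSTS carries a lifetime, so compare max-age instead of the raw string.
  hsts = headers["Strict-Transport-Security"]?
  if hsts.nil?
    findings << "Strict-Transport-Security: missing"
  elsif m = hsts.match(/max-age=(\d+)/i)
    age = m[1].to_i64? || Int64::MAX # a value too large to parse counts as very long
    if age < min_hsts.total_seconds
      findings << "Strict-Transport-Security: max-age=#{age} is below #{min_hsts.total_seconds.to_i64}"
    end
  else
    findings << "Strict-Transport-Security: no max-age directive"
  end
  findings
end

# Constructed sample: the NoSniff and HSTS handlers were left out of the chain.
sample = HTTP::Headers{
  "X-DNS-Prefetch-Control" => "off",
  "X-Frame-Options"        => "SAMEORIGIN",
  "X-Download-Options"     => "noopen",
  "X-XSS-Protection"       => "1; mode=block",
}
audit_headers(sample).each { |finding| puts finding }
```

Browsers ignore Strict-Transport-Security received over plain HTTP, so that header only takes effect once the app is served over TLS.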
```sh
git checkout -b my-new-feature
git commit -am 'Add XYZ'
git push origin my-new-feature
```