web-check/api/http-security.js

27 lines
870 B
JavaScript
Raw Normal View History

import axios from 'axios';
import middleware from './_common/middleware.js';
2023-08-12 17:08:06 +02:00
const httpsSecHandler = async (url) => {
2023-08-12 17:08:06 +02:00
const fullUrl = url.startsWith('http') ? url : `http://${url}`;
try {
const response = await axios.get(fullUrl);
const headers = response.headers;
return {
strictTransportPolicy: headers['strict-transport-security'] ? true : false,
2023-08-12 17:08:06 +02:00
xFrameOptions: headers['x-frame-options'] ? true : false,
xContentTypeOptions: headers['x-content-type-options'] ? true : false,
xXSSProtection: headers['x-xss-protection'] ? true : false,
contentSecurityPolicy: headers['content-security-policy'] ? true : false,
}
} catch (error) {
return {
statusCode: 500,
body: JSON.stringify({ error: error.message }),
};
}
};
export const handler = middleware(httpsSecHandler);
export default handler;