mirror of
https://github.com/Lissy93/web-check.git
synced 2025-01-23 22:59:17 +01:00
Adds HTTP security header checks
This commit is contained in:
parent
efba42d59d
commit
1e8d6e868c
25
api/http-security.js
Normal file
25
api/http-security.js
Normal file
@ -0,0 +1,25 @@
|
||||
const axios = require('axios');
|
||||
const middleware = require('./_common/middleware');
|
||||
|
||||
const handler = async (url) => {
|
||||
const fullUrl = url.startsWith('http') ? url : `http://${url}`;
|
||||
|
||||
try {
|
||||
const response = await axios.get(fullUrl);
|
||||
const headers = response.headers;
|
||||
return {
|
||||
strictTransportPolicy: headers['strict-transport-policy'] ? true : false,
|
||||
xFrameOptions: headers['x-frame-options'] ? true : false,
|
||||
xContentTypeOptions: headers['x-content-type-options'] ? true : false,
|
||||
xXSSProtection: headers['x-xss-protection'] ? true : false,
|
||||
contentSecurityPolicy: headers['content-security-policy'] ? true : false,
|
||||
}
|
||||
} catch (error) {
|
||||
return {
|
||||
statusCode: 500,
|
||||
body: JSON.stringify({ error: error.message }),
|
||||
};
|
||||
}
|
||||
};
|
||||
|
||||
exports.handler = middleware(handler);
|
17
src/components/Results/HttpSecurity.tsx
Normal file
17
src/components/Results/HttpSecurity.tsx
Normal file
@ -0,0 +1,17 @@
|
||||
import { Card } from 'components/Form/Card';
|
||||
import Row from 'components/Form/Row';
|
||||
|
||||
const HttpSecurityCard = (props: { data: any, title: string, actionButtons: any }): JSX.Element => {
|
||||
const data = props.data;
|
||||
return (
|
||||
<Card heading={props.title} actionButtons={props.actionButtons}>
|
||||
<Row lbl="Content Security Policy" val={data.contentSecurityPolicy ? '✅ Yes' : '❌ No' } />
|
||||
<Row lbl="Strict Transport Policy" val={data.strictTransportPolicy ? '✅ Yes' : '❌ No' } />
|
||||
<Row lbl="X-Content-Type-Options" val={data.xContentTypeOptions ? '✅ Yes' : '❌ No' } />
|
||||
<Row lbl="X-Frame-Options" val={data.xFrameOptions ? '✅ Yes' : '❌ No' } />
|
||||
<Row lbl="X-XSS-Protection" val={data.xXSSProtection ? '✅ Yes' : '❌ No' } />
|
||||
</Card>
|
||||
);
|
||||
}
|
||||
|
||||
export default HttpSecurityCard;
|
Loading…
Reference in New Issue
Block a user