From 1e8d6e868c435ad3e008f05a9ef72ceebf31eabc Mon Sep 17 00:00:00 2001 From: Alicia Sykes Date: Sat, 12 Aug 2023 16:08:06 +0100 Subject: [PATCH] Adds HTTP security header checks --- api/http-security.js | 25 +++++++++++++++++++++++++ src/components/Results/HttpSecurity.tsx | 17 +++++++++++++++++ 2 files changed, 42 insertions(+) create mode 100644 api/http-security.js create mode 100644 src/components/Results/HttpSecurity.tsx diff --git a/api/http-security.js b/api/http-security.js new file mode 100644 index 0000000..0cd644d --- /dev/null +++ b/api/http-security.js @@ -0,0 +1,25 @@ +const axios = require('axios'); +const middleware = require('./_common/middleware'); + +const handler = async (url) => { + const fullUrl = url.startsWith('http') ? url : `http://${url}`; + + try { + const response = await axios.get(fullUrl); + const headers = response.headers; + return { + strictTransportPolicy: headers['strict-transport-policy'] ? true : false, + xFrameOptions: headers['x-frame-options'] ? true : false, + xContentTypeOptions: headers['x-content-type-options'] ? true : false, + xXSSProtection: headers['x-xss-protection'] ? true : false, + contentSecurityPolicy: headers['content-security-policy'] ? true : false, + } + } catch (error) { + return { + statusCode: 500, + body: JSON.stringify({ error: error.message }), + }; + } +}; + +exports.handler = middleware(handler); diff --git a/src/components/Results/HttpSecurity.tsx b/src/components/Results/HttpSecurity.tsx new file mode 100644 index 0000000..20c0f49 --- /dev/null +++ b/src/components/Results/HttpSecurity.tsx @@ -0,0 +1,17 @@ +import { Card } from 'components/Form/Card'; +import Row from 'components/Form/Row'; + +const HttpSecurityCard = (props: { data: any, title: string, actionButtons: any }): JSX.Element => { + const data = props.data; + return ( + + + + + + + + ); +} + +export default HttpSecurityCard;