mirror of
https://github.com/Lissy93/web-check.git
synced 2025-01-24 07:10:11 +01:00
Adds HTTP security header checks
This commit is contained in:
parent
efba42d59d
commit
1e8d6e868c
25
api/http-security.js
Normal file
25
api/http-security.js
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
const axios = require('axios');
|
||||||
|
const middleware = require('./_common/middleware');
|
||||||
|
|
||||||
|
const handler = async (url) => {
|
||||||
|
const fullUrl = url.startsWith('http') ? url : `http://${url}`;
|
||||||
|
|
||||||
|
try {
|
||||||
|
const response = await axios.get(fullUrl);
|
||||||
|
const headers = response.headers;
|
||||||
|
return {
|
||||||
|
strictTransportPolicy: headers['strict-transport-policy'] ? true : false,
|
||||||
|
xFrameOptions: headers['x-frame-options'] ? true : false,
|
||||||
|
xContentTypeOptions: headers['x-content-type-options'] ? true : false,
|
||||||
|
xXSSProtection: headers['x-xss-protection'] ? true : false,
|
||||||
|
contentSecurityPolicy: headers['content-security-policy'] ? true : false,
|
||||||
|
}
|
||||||
|
} catch (error) {
|
||||||
|
return {
|
||||||
|
statusCode: 500,
|
||||||
|
body: JSON.stringify({ error: error.message }),
|
||||||
|
};
|
||||||
|
}
|
||||||
|
};
|
||||||
|
|
||||||
|
exports.handler = middleware(handler);
|
17
src/components/Results/HttpSecurity.tsx
Normal file
17
src/components/Results/HttpSecurity.tsx
Normal file
@ -0,0 +1,17 @@
|
|||||||
|
import { Card } from 'components/Form/Card';
|
||||||
|
import Row from 'components/Form/Row';
|
||||||
|
|
||||||
|
const HttpSecurityCard = (props: { data: any, title: string, actionButtons: any }): JSX.Element => {
|
||||||
|
const data = props.data;
|
||||||
|
return (
|
||||||
|
<Card heading={props.title} actionButtons={props.actionButtons}>
|
||||||
|
<Row lbl="Content Security Policy" val={data.contentSecurityPolicy ? '✅ Yes' : '❌ No' } />
|
||||||
|
<Row lbl="Strict Transport Policy" val={data.strictTransportPolicy ? '✅ Yes' : '❌ No' } />
|
||||||
|
<Row lbl="X-Content-Type-Options" val={data.xContentTypeOptions ? '✅ Yes' : '❌ No' } />
|
||||||
|
<Row lbl="X-Frame-Options" val={data.xFrameOptions ? '✅ Yes' : '❌ No' } />
|
||||||
|
<Row lbl="X-XSS-Protection" val={data.xXSSProtection ? '✅ Yes' : '❌ No' } />
|
||||||
|
</Card>
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
export default HttpSecurityCard;
|
Loading…
Reference in New Issue
Block a user