ienoopen
    Overview
    Documentation
    Insights
    Code
    Contributors
    Dependencies
    Alternatives

ienoopen

Middleware for IE security. Set X-Download-Options to noopen.

1.1.0  •  Published 9 months ago  •  by helmetjs  •  MIT License

Internet Explorer, restrict untrusted HTML

Build Status

This middleware sets the X-Download-Options header to noopen to prevent Internet Explorer users from executing downloads in your site’s context.

const ienoopen = require('ienoopen')
app.use(ienoopen())

Some web applications will serve untrusted HTML for download. By default, some versions of IE will allow you to open those HTML files in the context of your site, which means that an untrusted HTML page could start doing bad things in the context of your pages. For more, see this MSDN blog post.

This is pretty obscure, fixing a small bug on IE only. No real drawbacks other than performance/bandwidth of setting the headers, though.

How do you feel about the name Devstore for this site?

Popularity

Weekly Downloads
643.2K
Stars
14

Maintenance

Development

Last ver 9 months ago
Created 5 years ago
Last commit 3 months ago
1 month between commits

Technology

Node version: 11.10.1
4.2K unpacked

Compliance

MIT License
OSI Approved
0 vulnerabilities

Contributors

4 contributors
Evan Hahn
Maintainer, 54 commits, 6 merges, 3 PRs
Works at Airtable
Ben James
2 commits, 2 PRs
Works at charisma-ai
Nathan Shively-Sanders
1 commits, 1 PRs
Works at Microsoft
dependabot[bot]
1 commits
Adam Baldwin
Maintainer
Works at npm
XhmikosR
1 PRs

Tags

helmet
security
express
connect
noopen
x-download-options
Ready for the next level?
Join Devstore's founding team to help us build the ultimate open-source app store, work with the latest technologies, and enjoy great culture, impact and autonomy
© 2019 Devstore, Inc.
Devstore helps developers find and use open-source packages, so they can focus on building amazing things