coep-middleware

![deno land](https://deno.land/x/coep_middleware)
![deno doc](https://doc.deno.land/https/deno.land/x/coep_middleware/mod.ts)
![GitHub release (latest by date)](https://github.com/httpland/coep-middleware/releases)
![codecov](https://codecov.io/gh/httpland/coep-middleware)
![GitHub](https://github.com/httpland/coep-middleware/blob/main/LICENSE)

![test](https://github.com/httpland/coep-middleware/actions/workflows/test.yaml)
![NPM](https://nodei.co/npm/@httpland/coep-middleware/)

HTTP cross-origin embedder policy(COEP) middleware.

Compliant with
HTML Living Standard, 7.1.4 Cross-origin embedder policies.

Middleware

For a definition of Universal HTTP middleware, see the
http-middleware project.

Usage

Middleware adds the Cross-Origin-Embedder-Policy header to the response.

``ts import { coep, type Handler, } from "https://deno.land/x/coep_middleware@$VERSION/mod.ts"; import { assert } from "https://deno.land/std/testing/asserts.ts";

declare const request: Request; declare const handler: Handler;

const middleware = coep(); const response = await middleware(request, handler);

assert(response.headers.has("cross-origin-embedder-policy"));`

yield:

`http Cross-Origin-Embedder-Policy: require-corp`

`Options`

The middleware factory accepts the following fields:

| Name | Type | Default | Description | | ---------- | --------------------------------------------------------------- | :--------------: | ------------------------------------- | | policy |"require-corp" | "unsafe-none" | credentialless | "require-corp"| Embedder policy value. | | reportTo |string| - | Reporting endpoint name. | | reportOnly |boolean | false | Whether header is report-only or not. |

`$3`

If specified, change the embedder policy value.

`ts import { coep } from "https://deno.land/x/coep_middleware@$VERSION/middleware.ts";

const middleware = coep({ policy: "credentialless" });`

yield:

`http Cross-Origin-Embedder-Policy: credentialless`

`$3`

If specified, adds a report-to param to the output.

`ts import { coep } from "https://deno.land/x/coep_middleware@$VERSION/middleware.ts";

const middleware = coep({ reportTo: "default" });`

yield:

`http Cross-Origin-Embedder-Policy: require-corp;report-to=default`

`$3`

Depending on the value, the header will be:

| Value | Field name | | ------- | ------------------------------------------ | |true | Cross-Origin-Embedder-Policy-Report-Only| |false | Cross-Origin-Embedder-Policy |

`ts import { coep } from "https://deno.land/x/coep_middleware@$VERSION/middleware.ts";

const middleware = coep({ reportOnly: true });`

yield:

`http Cross-Origin-Embedder-Policy-Report-Only: require-corp`

`$3`

If serialize of embedder policy fails, it may throw TypeError.

Serialize fails in the following cases:

- If reportTofield is an invalidsyntax

`ts import { coep } from "https://deno.land/x/coep_middleware@$VERSION/middleware.ts"; import { assertThrows } from "https://deno.land/std/testing/asserts.ts";

assertThrows(() => coep({ reportTo: "" }));`

`Conditions`

Middleware will execute if all of the following conditions are met:

- Response does not include Cross-Origin-Embedder-Policyheader - Response does not includeCross-Origin-Embedder-Policy-Report-Only` header

Effects

Middleware may make changes to the following elements of the HTTP message.

- HTTP Headers
- Cross-Origin-Embedder-Policy
- Cross-Origin-Embedder-Policy-Report-Only

API

All APIs can be found in the
deno doc.

License

Released under the MIT license

coep-middleware

![test](https://github.com/httpland/coep-middleware/actions/workflows/test.yaml)
![NPM](https://nodei.co/npm/@httpland/coep-middleware/)

HTTP cross-origin embedder policy(COEP) middleware.

Compliant with
HTML Living Standard, 7.1.4 Cross-origin embedder policies.

Middleware

For a definition of Universal HTTP middleware, see the
http-middleware project.

Usage

Middleware adds the Cross-Origin-Embedder-Policy header to the response.

``ts import { coep, type Handler, } from "https://deno.land/x/coep_middleware@$VERSION/mod.ts"; import { assert } from "https://deno.land/std/testing/asserts.ts";

declare const request: Request; declare const handler: Handler;

const middleware = coep(); const response = await middleware(request, handler);

assert(response.headers.has("cross-origin-embedder-policy"));`

yield:

`http Cross-Origin-Embedder-Policy: require-corp`

`Options`

The middleware factory accepts the following fields:

`$3`

If specified, change the embedder policy value.

`ts import { coep } from "https://deno.land/x/coep_middleware@$VERSION/middleware.ts";

const middleware = coep({ policy: "credentialless" });`

yield:

`http Cross-Origin-Embedder-Policy: credentialless`

`$3`

If specified, adds a report-to param to the output.

`ts import { coep } from "https://deno.land/x/coep_middleware@$VERSION/middleware.ts";

const middleware = coep({ reportTo: "default" });`

yield:

`http Cross-Origin-Embedder-Policy: require-corp;report-to=default`

`$3`

Depending on the value, the header will be:

| Value | Field name | | ------- | ------------------------------------------ | |true | Cross-Origin-Embedder-Policy-Report-Only| |false | Cross-Origin-Embedder-Policy |

`ts import { coep } from "https://deno.land/x/coep_middleware@$VERSION/middleware.ts";

const middleware = coep({ reportOnly: true });`

yield:

`http Cross-Origin-Embedder-Policy-Report-Only: require-corp`

`$3`

If serialize of embedder policy fails, it may throw TypeError.

Serialize fails in the following cases:

- If reportTofield is an invalidsyntax

`ts import { coep } from "https://deno.land/x/coep_middleware@$VERSION/middleware.ts"; import { assertThrows } from "https://deno.land/std/testing/asserts.ts";

assertThrows(() => coep({ reportTo: "" }));`

`Conditions`

Middleware will execute if all of the following conditions are met:

- Response does not include Cross-Origin-Embedder-Policyheader - Response does not includeCross-Origin-Embedder-Policy-Report-Only` header

Effects

Middleware may make changes to the following elements of the HTTP message.

- HTTP Headers
- Cross-Origin-Embedder-Policy
- Cross-Origin-Embedder-Policy-Report-Only

API

All APIs can be found in the
deno doc.

License

Released under the MIT license

@httpland/coep-middleware

coep-middleware

Middleware

Usage

Options

$3

$3

$3

$3

Conditions

Effects

API

License

@httpland/coep-middleware

coep-middleware

Middleware

Usage

Options

$3

$3

$3

$3

Conditions

Effects

API

License

Dist Tags

`Options`

`$3`

`$3`

`$3`

`$3`

`Conditions`

`Options`

`$3`

`$3`

`$3`

`$3`

`Conditions`