Description

A Collection of Security Related Plugins for 'fiery'.

Provide a range of plugins for 'fiery' web servers that handle different aspects of server-side web security. Be aware that security cannot be handled blindly: even though these plugins will raise the security of your server, you should not build critical infrastructure without the aid of a security expert.

firesafety


This package contains a collection of plugins for fiery that handle server-side security in different ways. Currently it contains:

SecurityHeaders

Inspired by helmet.js, this plugin will configure and set a range of security-related headers on all outgoing responses.

CORS

This plugin will help you set up Cross-Origin Resource Sharing (CORS) for one or more paths in your server.

ResourceIsolation

This plugin lets you configure Resource Isolation Policies for one or more paths in your server.
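
To make concrete what a Resource Isolation Policy decides, here is the generic policy built on the Fetch Metadata request headers (Sec-Fetch-Site, Sec-Fetch-Mode, Sec-Fetch-Dest) that the term refers to. This is an added example written for this page, not firesafety's implementation: the plugin's exact rules may differ, the `allowed_site` parameter is only borrowed from the README example to show what "same-origin" versus "same-site" means, and the sample requests are constructed by hand.

```python
"""Resource Isolation Policy decision logic, shown as an added example.

This is the generic policy built on the Fetch Metadata request headers
(Sec-Fetch-Site, Sec-Fetch-Mode, Sec-Fetch-Dest). It is not firesafety's
implementation, and the plugin's exact rules may differ; the sample
requests below are constructed for illustration.
"""
from __future__ import annotations


def isolation_allows(headers: dict[str, str], method: str = "GET",
                     allowed_site: str = "same-origin") -> bool:
    """Return True if a request may reach an isolated path.

    allowed_site = "same-origin" admits only requests from the exact origin;
    "same-site" also admits sibling subdomains of the registrable domain.
    """
    h = {k.lower(): v.strip().lower() for k, v in headers.items()}
    site = h.get("sec-fetch-site")

    # Clients that send no Fetch Metadata (old browsers, curl) cannot be
    # classified, so the policy lets them through; it is a layer on top of
    # authentication and CSRF tokens, not a replacement for them.
    if site is None:
        return True
    # User-initiated (typed URL, bookmark) and same-origin requests are fine.
    if site in ("none", "same-origin"):
        return True
    if site == "same-site" and allowed_site == "same-site":
        return True
    # Anything else is cross-site (or same-site under a same-origin policy).
    # Let plain top-level GET navigations through so links to the site still
    # work, but never into <object>/<embed>, which would let a third-party
    # page embed the resource, and never cross-site POSTs (form-based CSRF).
    if (h.get("sec-fetch-mode") == "navigate" and method.upper() == "GET"
            and h.get("sec-fetch-dest") not in ("object", "embed")):
        return True
    return False


# Constructed sample requests, labelled the way a browser would label them.
SAMPLE_REQUESTS = {
    "same-origin fetch": ({"Sec-Fetch-Site": "same-origin", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Dest": "empty"}, "GET"),
    "hotlinked image": ({"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "no-cors", "Sec-Fetch-Dest": "image"}, "GET"),
    "link click from elsewhere": ({"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "navigate", "Sec-Fetch-Dest": "document"}, "GET"),
    "cross-site form POST": ({"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "navigate", "Sec-Fetch-Dest": "document"}, "POST"),
    "embedded via <object>": ({"Sec-Fetch-Site": "cross-site", "Sec-Fetch-Mode": "navigate", "Sec-Fetch-Dest": "object"}, "GET"),
    "sibling subdomain fetch": ({"Sec-Fetch-Site": "same-site", "Sec-Fetch-Mode": "cors", "Sec-Fetch-Dest": "empty"}, "GET"),
    "curl, no Fetch Metadata": ({}, "GET"),
}


def evaluate(allowed_site: str = "same-origin") -> dict[str, bool]:
    """Run every sample request through the policy and return the verdicts."""
    return {name: isolation_allows(h, m, allowed_site)
            for name, (h, m) in SAMPLE_REQUESTS.items()}


if __name__ == "__main__":
    for name, allowed in evaluate().items():
        verdict = "allow" if allowed else "reject 403"
        print(f"{verdict:<10} {name}")
```

Note the two deliberate gaps: requests without Fetch Metadata pass, and cross-site top-level navigations pass. The policy is meant to stop hotlinking, cross-site reads and form-based CSRF against an API or asset path, not to replace authentication or framing protection (that is what X-Frame-Options and CSP frame-ancestors, set by SecurityHeaders, are for).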

Installation

# You can install firesafety from CRAN
pak::pak("firesafety")

# Or get the development version from Github
pak::pak("thomasp85/firesafety")

Examples

Using the plugins is straightforward, as they all come with sensible defaults that serve as a good starting point. Remember that the best security configuration is as strict as your functionality allows. If you find that your server logic no longer works after adding any of these plugins, investigate why, and relax the settings only for the specific area that is causing issues.

app <- fiery::Fire$new()

# Set security headers but remove those related to UI (we assume this is a REST
# server) and rely on defaults for the rest
headers <- firesafety::SecurityHeaders$new(
  content_security_policy = NULL,
  cross_origin_embedder_policy = NULL,
  cross_origin_opener_policy = NULL,
  origin_agent_cluster = NULL,
  referrer_policy = NULL,
  x_dns_prefetch_control = NULL,
  x_download_options = NULL,
  x_frame_options = NULL,
  x_xss_protection = NULL
)

# decrease the max age of STS after creation
headers$strict_transport_security <- firesafety::sts(
  max_age = 31536000 # 1 year
)

# Add to server
app$attach(headers)

# Set up CORS for a subset of paths
cors <- firesafety::CORS$new(
  path = "global/*",
  origin = "https://my-other-website.com"
)

# Add to server
app$attach(cors)

# Set up RIP for a path and its subpaths
rip <- firesafety::ResourceIsolation$new(
  path = "assets/*",
  allowed_site = "same-origin"
)

# Add to server
app$attach(rip)

app
#> 🔥 A fiery webserver
#> 🔥  💥   💥   💥
#> 🔥           Running on: 127.0.0.1:8080
#> 🔥     Plugins attached: header_routr
#> 🔥                       security_headers
#> 🔥                       request_routr
#> 🔥                       cors
#> 🔥                       resource_isolation
#> 🔥 Event handlers added
#> 🔥               header: 1
#> 🔥              request: 1
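
Once the three plugins are attached, the thing to verify is what actually reaches the client. The following is an added example written for this page (not code from firesafety or fiery) that audits the head of an HTTP response against the configuration above: an HSTS max-age of at least the one year passed to `sts()`, `X-Content-Type-Options: nosniff`, and CORS that reflects only the configured origin and carries `Vary: Origin`. The request path `/global/data`, the attacker origin and the two sample responses are constructed for illustration; which headers firesafety sets by default is not claimed here, the checks are simply the ones a reviewer would run.

```python
"""Audit the response headers a hardened endpoint actually sends.

Added example, not code from firesafety or fiery. It reads the head of an
HTTP/1.1 response, as captured with something like

    curl -sS -D - -o /dev/null -H 'Origin: https://my-other-website.com' \
         http://127.0.0.1:8080/global/data

and reports which checks fail. The two responses at the bottom are
constructed by hand for illustration, not captured from a server.
"""
from __future__ import annotations

import re

ONE_YEAR = 31536000                            # the max_age passed to sts() above
ALLOWED = {"https://my-other-website.com"}     # origin from the CORS example above


def parse_head(raw: str) -> tuple[int, dict[str, str]]:
    """Split a raw response head into (status code, headers).

    Header names are lower-cased; a repeated header is joined with ", ",
    which RFC 9110 treats as equivalent to the repeated form.
    """
    lines = raw.strip().splitlines()
    status = int(lines[0].split()[1])
    headers: dict[str, str] = {}
    for line in lines[1:]:
        if not line.strip():
            break                               # blank line ends the head
        name, _, value = line.partition(":")
        name, value = name.strip().lower(), value.strip()
        headers[name] = f"{headers[name]}, {value}" if name in headers else value
    return status, headers


def hsts_max_age(value: str) -> int | None:
    """Extract max-age from a Strict-Transport-Security value, if present."""
    m = re.search(r"max-age\s*=\s*\"?(\d+)", value, re.IGNORECASE)
    return int(m.group(1)) if m else None


def audit(raw: str, request_origin: str | None = None,
          allowed_origins: set[str] = ALLOWED) -> list[str]:
    """Return a list of findings; an empty list means every check passed."""
    _, h = parse_head(raw)
    findings: list[str] = []

    sts = h.get("strict-transport-security")
    if sts is None:
        findings.append("missing Strict-Transport-Security")
    elif (age := hsts_max_age(sts)) is None or age < ONE_YEAR:
        findings.append(f"Strict-Transport-Security max-age below one year: {sts!r}")

    if h.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("missing X-Content-Type-Options: nosniff")

    acao = h.get("access-control-allow-origin")
    creds = h.get("access-control-allow-credentials", "").lower() == "true"
    if acao == "*" and creds:
        findings.append("Access-Control-Allow-Origin '*' with Allow-Credentials: true (misconfiguration)")

    if request_origin is not None:
        if request_origin in allowed_origins:
            if acao != request_origin:
                findings.append(f"allowed origin {request_origin} not reflected in Access-Control-Allow-Origin")
            vary = {v.strip().lower() for v in h.get("vary", "").split(",")}
            if "origin" not in vary:
                findings.append("per-origin Access-Control-Allow-Origin without 'Vary: Origin' (a shared cache could serve it to other origins)")
        elif acao in ("*", request_origin):
            findings.append(f"cross-origin access granted to non-allowed origin {request_origin}")
    return findings


# Constructed sample responses (not captured from a real server).
HARDENED = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Strict-Transport-Security: max-age=31536000; includeSubDomains\r\n"
    "X-Content-Type-Options: nosniff\r\n"
    "Access-Control-Allow-Origin: https://my-other-website.com\r\n"
    "Vary: Origin\r\n"
    "\r\n"
)
WEAK = (
    "HTTP/1.1 200 OK\r\n"
    "Content-Type: application/json\r\n"
    "Strict-Transport-Security: max-age=86400\r\n"
    "Access-Control-Allow-Origin: *\r\n"
    "Access-Control-Allow-Credentials: true\r\n"
    "\r\n"
)

if __name__ == "__main__":
    print("hardened:", audit(HARDENED, request_origin="https://my-other-website.com") or "OK")
    print("weak:    ", audit(WEAK, request_origin="https://attacker.example") or "OK")
```

Run it against the deployed HTTPS endpoint rather than the local 127.0.0.1:8080 listener shown above: browsers only honour Strict-Transport-Security on a connection that is already TLS, so the header does nothing until the server sits behind a TLS terminator, and a reverse proxy in front of fiery may also strip or override headers the plugins set.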
Metadata

Version

0.1.0

License

Unknown

Platforms (76)

    Darwin
    FreeBSD
    Genode
    GHCJS
    Linux
    MMIXware
    NetBSD
    none
    OpenBSD
    Redox
    Solaris
    WASI
    Windows
  • aarch64-darwin
  • aarch64-freebsd
  • aarch64-genode
  • aarch64-linux
  • aarch64-netbsd
  • aarch64-none
  • aarch64-windows
  • aarch64_be-none
  • arm-none
  • armv5tel-linux
  • armv6l-linux
  • armv6l-netbsd
  • armv6l-none
  • armv7a-linux
  • armv7a-netbsd
  • armv7l-linux
  • armv7l-netbsd
  • avr-none
  • i686-cygwin
  • i686-freebsd
  • i686-genode
  • i686-linux
  • i686-netbsd
  • i686-none
  • i686-openbsd
  • i686-windows
  • javascript-ghcjs
  • loongarch64-linux
  • m68k-linux
  • m68k-netbsd
  • m68k-none
  • microblaze-linux
  • microblaze-none
  • microblazeel-linux
  • microblazeel-none
  • mips-linux
  • mips-none
  • mips64-linux
  • mips64-none
  • mips64el-linux
  • mipsel-linux
  • mipsel-netbsd
  • mmix-mmixware
  • msp430-none
  • or1k-none
  • powerpc-linux
  • powerpc-netbsd
  • powerpc-none
  • powerpc64-linux
  • powerpc64le-linux
  • powerpcle-none
  • riscv32-linux
  • riscv32-netbsd
  • riscv32-none
  • riscv64-linux
  • riscv64-netbsd
  • riscv64-none
  • rx-none
  • s390-linux
  • s390-none
  • s390x-linux
  • s390x-none
  • vc4-none
  • wasm32-wasi
  • wasm64-wasi
  • x86_64-cygwin
  • x86_64-darwin
  • x86_64-freebsd
  • x86_64-genode
  • x86_64-linux
  • x86_64-netbsd
  • x86_64-none
  • x86_64-openbsd
  • x86_64-redox
  • x86_64-solaris
  • x86_64-windows