plug_secex alternatives and similar packages
Based on the "Framework Components" category.
Alternatively, view plug_secex alternatives based on common mentions on social networks and blogs.
-
ex_admin
ExAdmin is an auto administration package for Elixir and the Phoenix Framework -
phoenix_html
Phoenix.HTML functions for working with HTML strings and templates -
phoenix_ecto
Phoenix and Ecto integration with support for concurrent acceptance testing -
react_phoenix
Make rendering React.js components in Phoenix easy -
absinthe_plug
Plug support for Absinthe, the GraphQL toolkit for Elixir -
phoenix_live_reload
Provides live-reload functionality for Phoenix -
params
Easy parameters validation/casting with Ecto.Schema, akin to Rails' strong parameters. -
phoenix_pubsub_redis
The Redis PubSub adapter for the Phoenix framework -
dayron
A repository `similar` to Ecto.Repo that maps to an underlying http client, sending requests to an external rest api instead of a database -
phoenix_token_auth
Token authentication solution for Phoenix. Useful for APIs for e.g. single page apps. -
rummage_phoenix
Full Phoenix Support for Rummage. It can be used for searching, sorting and paginating collections in phoenix. -
sentinel
DEPRECATED - Phoenix Authentication library that wraps Guardian for extra functionality -
plug_rails_cookie_session_store
Rails compatible Plug session store -
phx_component_helpers
Extensible Phoenix liveview components, without boilerplate -
multiverse
Elixir package that allows to add compatibility layers via API gateways. -
access pass
provides a full user authentication experience for an API. Includes login,logout,register,forgot password, forgot username, confirmation email and all that other good stuff. Includes plug for checking for authenticated users and macro for generating the required routes. -
filterable
Filtering from incoming params in Elixir/Ecto/Phoenix with easy to use DSL. -
scrivener_headers
Scrivener pagination with headers and web linking -
better_params
Cleaner request parameters in Elixir web applications ๐ -
phoenix_pubsub_rabbitmq
RabbitMQ adapter for Phoenix's PubSub layer -
plug_checkup
PlugCheckup provides a Plug for adding simple health checks to your app -
plug_rest
REST behaviour and Plug router for hypermedia web applications in Elixir -
Votex
Implements vote / like / follow functionality for Ecto models in Elixir. Inspired from Acts as Votable gem in Ruby on Rails -
trailing_format_plug
An elixir plug to support legacy APIs that use a rails-like trailing format: http://api.dev/resources.json -
phoenix_html_simplified_helpers
Some helpers for phoenix html( truncate, time_ago_in_words, number_with_delimiter, url_for, current_page? )
Build time-series-based applications quickly and at scale.
Do you think we are missing an alternative of plug_secex or a related project?
README
PlugSecex

Plug that adds various HTTP Headers to make Phoenix/Elixir app more secure
Installation
The package can be installed from hex as:
Add plug_secex to your list of dependencies in mix.exs
:
def deps do
[{:plug_secex, "~> 0.1.3"}]
end
Or you can directly install it from github:
def deps do
[{:plug_secex, github: "techgaun/plug_secex"}]
end
Example
If you are using phoenix, you can put the plug in web/router.ex
.
pipeline :browser do
plug PlugSecex
end
You can also specify to override or disable particular set of headers.
pipeline :browser do
plug PlugSecex,
overrides: [
"x-dns-prefetch-control": "on",
"x-frame-options": "DENY",
"custom-header": "value"
],
except: [
"x-powered-by"
]
end
If you need to determine one of these at run time - for instance, in order to use a content security policy that allows resources from a location configured in environment variables - you can pass a "module, function, arguments" tuple; calling that function with those arguments must return a list as shown in the previous example.
pipeline :browser do
plug PlugSecex,
overrides: {MyModule, :overrides, [arg1, arg2]},
except: {MyModule, :exceptions, [arg3]}
end
The supported headers and their values by default are:
"x-content-type-options": "nosniff",
"x-dns-prefetch-control": "off",
"strict-transport-security": "max-age=31536000",
"x-xss-protection": "1; mode=block",
"x-frame-options": "SAMEORIGIN",
"content-security-policy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'",
"cross-origin-window-policy": "deny",
"x-download-options": "noopen",
"x-permitted-cross-domain-policies": "none"
The headers that are removed by default are:
"x-powered-by",
"server"