plug_secex alternatives and similar packages
Based on the "Framework Components" category.
Alternatively, view plug_secex alternatives based on common mentions on social networks and blogs.
-
dayron
A repository `similar` to Ecto.Repo that maps to an underlying http client, sending requests to an external rest api instead of a database -
rummage_phoenix
Full Phoenix Support for Rummage. It can be used for searching, sorting and paginating collections in phoenix. -
phoenix_token_auth
Token authentication solution for Phoenix. Useful for APIs for e.g. single page apps. -
access pass
provides a full user authentication experience for an API. Includes login,logout,register,forgot password, forgot username, confirmation email and all that other good stuff. Includes plug for checking for authenticated users and macro for generating the required routes. -
Votex
Implements vote / like / follow functionality for Ecto models in Elixir. Inspired from Acts as Votable gem in Ruby on Rails -
trailing_format_plug
An elixir plug to support legacy APIs that use a rails-like trailing format: http://api.dev/resources.json -
plug_canonical_host
PlugCanonicalHost ensures that all requests are served by a single canonical host.
InfluxDB - Power Real-Time Data Analytics at Scale
Do you think we are missing an alternative of plug_secex or a related project?
README
PlugSecex
Plug that adds various HTTP Headers to make Phoenix/Elixir app more secure
Installation
The package can be installed from hex as:
Add plug_secex to your list of dependencies in mix.exs
:
def deps do
[{:plug_secex, "~> 0.1.3"}]
end
Or you can directly install it from github:
def deps do
[{:plug_secex, github: "techgaun/plug_secex"}]
end
Example
If you are using phoenix, you can put the plug in web/router.ex
.
pipeline :browser do
plug PlugSecex
end
You can also specify to override or disable particular set of headers.
pipeline :browser do
plug PlugSecex,
overrides: [
"x-dns-prefetch-control": "on",
"x-frame-options": "DENY",
"custom-header": "value"
],
except: [
"x-powered-by"
]
end
If you need to determine one of these at run time - for instance, in order to use a content security policy that allows resources from a location configured in environment variables - you can pass a "module, function, arguments" tuple; calling that function with those arguments must return a list as shown in the previous example.
pipeline :browser do
plug PlugSecex,
overrides: {MyModule, :overrides, [arg1, arg2]},
except: {MyModule, :exceptions, [arg3]}
end
The supported headers and their values by default are:
"x-content-type-options": "nosniff",
"x-dns-prefetch-control": "off",
"strict-transport-security": "max-age=31536000",
"x-xss-protection": "1; mode=block",
"x-frame-options": "SAMEORIGIN",
"content-security-policy": "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' 'unsafe-eval'",
"cross-origin-window-policy": "deny",
"x-download-options": "noopen",
"x-permitted-cross-domain-policies": "none"
The headers that are removed by default are:
"x-powered-by",
"server"