ienoopen
Middleware to set `X-Download-Options` header for IE8 security
Last updated 6 years ago by evanhahn .
MIT · Repository · Bugs · Original npm · Tarball · package.json 
$ cnpm install ienoopen
SYNC missed versions from official npm registry.

X-Download-Options middleware

This middleware sets the X-Download-Options header to noopen to prevent Internet Explorer users from executing downloads in your site's context.

const ienoopen = require("ienoopen");
app.use(ienoopen());

Some web applications will serve untrusted HTML for download. By default, some versions of IE will allow you to open those HTML files in the context of your site, which means that an untrusted HTML page could start doing bad things in the context of your pages. For more, see this MSDN blog post.

This is pretty obscure, fixing a small bug on IE only. No real drawbacks other than performance/bandwidth of setting the headers, though.

Current Tags

  • 1.1.1                                ...           latest (6 years ago)

4 Versions

  • 1.1.1                                ...           6 years ago
  • 1.1.0                                ...           7 years ago
  • 1.0.0                                ...           10 years ago
  • 0.1.0                                ...           11 years ago
Maintainers (1)
evanhahn
Downloads
Today 0
This Week 0
This Month 1
Last Day 0
Last Week 1
Last Month 0
Dependencies (0)
None
Dev Dependencies (0)
None
Dependents (1)

Copyright 2013 - present © cnpmjs.org | Home |