Drop support for Node <8; change maxAge: null behavior; remove deprec…

…ated options Closes #21. Closes #22. Closes #26.
helmetjs · Sep 1, 2019 · 2cb4cc5 · 2cb4cc5
1 parent 2f855a1
commit 2cb4cc5
Show file tree

Hide file tree

Showing 6 changed files with 801 additions and 953 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -1,5 +1,4 @@
 language: node_js
 node_js:
-  - "6"
   - "8"
   - "10"
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -4,6 +4,12 @@
 ### Added
 * TypeScript type definitions. See [#25](https://github.com/helmetjs/hsts/pull/25)
 
+### Changed
+* Dropped support for Node <8
+* `maxAge` must now be a number if supplied; `undefined` and `null` are no longer allowed
+* Removed deprecated `setIf` option. See [#22](https://github.com/helmetjs/hsts/issues/22)
+* Removed deprecated `includeSubdomains` option; use `includeSubDomains` instead. See [#21](https://github.com/helmetjs/hsts/issues/21)
+
 ## 2.2.0 - 2019-03-10
 ### Added
 * Created a changelog

diff --git a/index.ts b/index.ts
@@ -1,69 +1,41 @@
 import { IncomingMessage, ServerResponse } from 'http';
-import depd from 'depd';
-
-const deprecate = depd('hsts');
-
-const DEFAULT_MAX_AGE = 180 * 24 * 60 * 60;
 
 interface HstsOptions {
   includeSubDomains?: boolean;
   maxAge?: number | null;
   preload?: boolean;
-  setIf?: (req: IncomingMessage, res: ServerResponse) => boolean;
 }
 
-function alwaysTrue () {
-  return true;
-}
+function getHeaderValueFromOptions(options: HstsOptions): string {
+  const DEFAULT_MAX_AGE = 180 * 24 * 60 * 60;
 
-export = function hsts (options: HstsOptions = {}) {
-  if ('includeSubdomains' in options) {
-    deprecate('The "includeSubdomains" parameter is deprecated. Use "includeSubDomains" (with a capital D) instead.');
-  }
-
-  if ('setIf' in options) {
-    deprecate('The "setIf" parameter is deprecated. Refer to the documentation to see how to set the header conditionally.');
-  }
-
-  if (Object.prototype.hasOwnProperty.call(options, 'maxage')) {
+  if ('maxage' in options) {
     throw new Error('maxage is not a supported property. Did you mean to pass "maxAge" instead of "maxage"?');
   }
 
-  const maxAge = options.maxAge !== null && options.maxAge !== undefined ? options.maxAge : DEFAULT_MAX_AGE;
+  const maxAge = 'maxAge' in options ? options.maxAge : DEFAULT_MAX_AGE;
   if (typeof maxAge !== 'number') {
     throw new TypeError('HSTS must be passed a numeric maxAge parameter.');
-  }
-  if (maxAge < 0) {
+  } else if (maxAge < 0) {
     throw new RangeError('HSTS maxAge must be nonnegative.');
   }
 
-  const { setIf = alwaysTrue } = options;
-  if (typeof setIf !== 'function') {
-    throw new TypeError('setIf must be a function.');
-  }
-
-  if (
-    Object.prototype.hasOwnProperty.call(options, 'includeSubDomains') &&
-    Object.prototype.hasOwnProperty.call(options, 'includeSubdomains')
-  ) {
-    throw new Error('includeSubDomains and includeSubdomains cannot both be specified.');
-  }
-
-  // eslint-disable-next-line @typescript-eslint/no-explicit-any
-  const includeSubDomains = options.includeSubDomains !== false && (options as any).includeSubdomains !== false;
-
   let header = `max-age=${Math.round(maxAge)}`;
-  if (includeSubDomains) {
+  if (options.includeSubDomains !== false) {
     header += '; includeSubDomains';
   }
   if (options.preload) {
     header += '; preload';
   }
 
-  return function hsts (req: IncomingMessage, res: ServerResponse, next: () => void) {
-    if (setIf(req, res)) {
-      res.setHeader('Strict-Transport-Security', header);
-    }
+  return header;
+}
+
+export = function hsts (options: HstsOptions = {}) {
+  const headerValue = getHeaderValueFromOptions(options);
+
+  return function hsts (_req: IncomingMessage, res: ServerResponse, next: () => void) {
+    res.setHeader('Strict-Transport-Security', headerValue);
     next();
   };
 }