Provide security by proxying requests to legacy applications.
When will a v1 be ready?
⚠️ Until a v1.*.*
release is created, it is not recommended to use this tool in a production environment.
The following checklist of features is required before a v1 release will be created:
- ✅ Automated CI Pipeline
- ✅ Automated Release Process
- ✅ Automated SAST Pipeline
- ✅ Comprehensive Unit Test Coverage
- ✅ Docker Support
- ✅ Linux, macOS, and Windows Support
- ✅ Version Command
- ❌ Configuration to Selectively Disable or Configure Headers
- ❌ Dynamic Content Security Policy
- ❌ Integration Test Coverage
- ❌ TLS Support
- 🚧 Base Security Headers
- 🚧 Request Logging
How to get started?
Install
Method |
OS |
Command / Action |
Homebrew |
Linux, macOS |
brew install dbtedman/tap/conveyance |
Docker |
Linux, macOS, Windows |
docker pull dbtedman/conveyance |
Release Binary |
Linux, macOS, Windows |
Download a pre-compiled binary from a release (github.com). |
Run
conveyance serve --from=:3000 --to=https://example.com
or via Docker:
docker run -it dbtedman/conveyance serve --from=:3000 --to=https://example.com
Demo
curl http://localhost:3000 --head --header "Host: example.com"
You will see something like the following:
Headers not assigned by conveyance have been removed from this example.
HTTP/1.1 200 OK
Content-Security-Policy: default-src 'none'; script-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; frame-ancestors 'none'; form-action 'self';
Referrer-Policy: strict-origin-when-cross-origin
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
How to contribute?
Read our Contributing Guide to learn more about how to contribute to this project.
Is this project secure?
Read our Security Guide to learn how security is considered during the development and operation of this
application.
License
See LICENSE.md for details.