API

createEnforcedRequestHandler

A function that creates a default request handler with built-in HUMAN enforcement. Useful if there is little request/response manipulation in your Fastly JS service.

1createEnforcedRequestHandler(
2 config: HumanSecurityConfiguration,
3 onPass: (event: FetchEvent) => Response | Promise<Response>,
4 onResponse?: (response: Response) => Response | Promise<Response>,
5) => ((event: FetchEvent) => Promise<Response>)

Sample usage:

1// index.ts
2import { HumanSecurityConfiguration, createEnforcedRequestHandler } from "perimeterx-fastly-js-edge";
3
4// define HUMAN configuration
5const configs: HumanSecurityConfiguration = {
6 px_app_id: '<APP_ID>',
7 px_cookie_secret: '<COOKIE_SECRET>',
8 px_auth_token: '<AUTH_TOKEN>',
9};
10
11// define what to do when requests pass HUMAN enforcement
12const onPass = (event: FetchEvent): Promise<Response> => {
13 console.log('handling HUMAN-validated request')
14 return fetch(event.request, { backend: 'origin' })
15};
16
17// define what to do for block responses (optional)
18const onResponse = (response: Response): Response => {
19 console.log('handling response from HUMAN enforcer');
20 return response;
21};
22
23// create request handler
24const handleRequest = createEnforcedRequestHandler(configs, onPass, onResponse);
25
26// invoke request handler on incoming fetch events
27addEventListener("fetch", (event) => event.respondWith(handleRequest(event)));

HumanSecurityEnforcer

The entity responsible for performing HUMAN enforcement.

HumanSecurityEnforcer.initialize()

A static function that creates a new instance of the HumanSecurityEnforcer class from a HumanSecurityConfiguration object.

1HumanSecurityEnforcer.initialize(params: HumanSecurityConfiguration) => Promise<HumanSecurityEnforcer>
  • Parameters
    • params: HumanSecurityConfiguration
  • Returns a Promise resolving to a new instance of the HumanSecurityEnforcer class

enforce()

Executes the enforcement functionality, returning a request or response depending on which action should be taken by the worker.

1enforce(event: FetchEvent) => Promise<Response | null>

The function returns null when…

  1. The request should not be blocked.
  2. The request should be blocked, but the enforcer has been configured to let these requests pass.

The function may add headers to the original Request object present on the incoming FetchEvent.

The function returns a Response when…

  1. The request should be blocked, and the response is a block page generated by the enforcer.
  2. The request was a first-party request, and the response is the first-party resource requested.

Modifications can be made to this response as needed prior to returning it from the main function.

postEnforce()

Performs any post-enforcement processing actions and final modifications to (i.e., setting cookies or headers on) the response if needed.

1postEnforce(response: Response) => Promise<void>