Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 08:36:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: add helmet middlewares

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2020-08-04 09:51:30 -04:00
parent 6812691d32
commit 774e5d0429
1 changed files with 22 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/webserver.js
View File

@@ -164,14 +164,7 @@ function setupExpressApp(app) {
saveUninitialized: nconf.get('sessionSaveUninitialized') || false,
}));
app.use(helmet.referrerPolicy({ policy: 'strict-origin-when-cross-origin' }));
if (meta.config['hsts-enabled']) {
app.use(helmet.hsts({
maxAge: meta.config['hsts-maxage'],
includeSubDomains: !!meta.config['hsts-subdomains'],
preload: !!meta.config['hsts-preload'],
}));
}
setupHelmet(app);
app.use(middleware.addHeaders);
app.use(middleware.processRender);
@@ -183,6 +176,27 @@ function setupExpressApp(app) {
toobusy.interval(meta.config.eventLoopInterval);
}
function setupHelmet(app) {
app.use(helmet.dnsPrefetchControl());
app.use(helmet.expectCt());
app.use(helmet.frameguard());
app.use(helmet.hidePoweredBy());
app.use(helmet.ieNoOpen());
app.use(helmet.noSniff());
app.use(helmet.permittedCrossDomainPolicies());
app.use(helmet.xssFilter());
app.use(helmet.referrerPolicy({ policy: 'strict-origin-when-cross-origin' }));
if (meta.config['hsts-enabled']) {
app.use(helmet.hsts({
maxAge: meta.config['hsts-maxage'],
includeSubDomains: !!meta.config['hsts-subdomains'],
preload: !!meta.config['hsts-preload'],
}));
}
}
function setupFavicon(app) {
var faviconPath = meta.config['brand:favicon'] || 'favicon.ico';
faviconPath = path.join(nconf.get('base_dir'), 'public', faviconPath.replace(/assets\/uploads/, 'uploads'));